Environment
- Carbon Black Cloud (Formerly PSC) Console: All Supported Versions
- Endpoint Standard (Formerly CB Defense)
- Enterprise EDR (Formerly CB ThreatHunter)
- Workload (Formerly CB Defense for VMware + VMware AppDefense)
- Audit and Remediation (Formerly CB LiveOps)
Question
What can be uploaded with the "Request Upload" feature?
Answer
The following file restrictions apply to manual file uploads.
Windows
- Windows does not restrict uploading of script files when Private Logging Level is enabled in the policy.
- Windows files that have the following file extensions can be uploaded for analysis: .exe, .dll, .sys, .ocx, .drv, .scr, .pif, .ex_, .msi, .vb, .vbs, .jar
macOS
- macOS scripts are not uploaded if Private Logging Level is enabled in the policy.
- If Allow Executable Uploads for Scans is not selected, all script uploads are disabled regardless of type.
- Common macOS object types can be uploaded for analysis: Perl, Python, Ruby, Shell, TCL, PHP, AppleScript
- The following objects cannot be uploaded:
  - Files in the /etc directory
  - Files that contain the following extensions: .class .js .pkg and .dmg with a file size of > 20MB
  - Scripts (when Private Logging Level is enabled)
  - Document files including: Keynote, PDF, MS Office, Open Office (determined by both magic and extension)
  - Files that do not contain a Magic Cookie (the first four bytes of a file that identifies the special file format)