Carbon Black Cloud: What Can Be Uploaded with the Request Upload Feature?

Environment

  • Carbon Black Cloud (Formerly PSC) Console: All Supported Versions
    • Endpoint Standard (Formerly CB Defense)
    • Enterprise EDR (Formerly CB ThreatHunter)
    • Workload (Formerly CB Defense for VMware + VMware AppDefense)
    • Audit and Remediation (Formerly CB LiveOps)

Question

What can be uploaded with the "Request Upload" feature?

Answer

The following file restrictions apply to manual file uploads.

Windows
  • Windows does not restrict uploading of script files when Private Logging Level is enabled in the policy.
  • Windows files that have the following file extensions can be uploaded for analysis: .exe, .dll, .sys, .ocx, .drv, .scr, .pif, .ex_, .msi, .vb, .vbs, .jar
macOS
  • macOS scripts are not uploaded if Private Logging Level is enabled in the policy.
  • If Allow Executable Uploads for Scans is not selected, all script uploads are disabled regardless of type.
  • Common macOS object types can be uploaded for analysis: Perl, Python, Ruby, Shell, TCL, PHP, AppleScript
  • The following objects cannot be uploaded:
    • Files in the /etc directory
    • Files that contain the following extensions: .class, .js, .pkg and .dmg with a file size of > 20MB
    • Scripts (when Private Logging Level is enabled)
    • Document files including: Keynote, PDF, MS Office, Open Office (determined by both magic and extension)
    • Files that do not contain a Magic Cookie (the first four bytes of a file that identifies the special file format)

Article Information
Creation Date: 09-02-2020