Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard
- Enterprise EDR
- Carbon Black Cloud Sensor: 3.4.x.x and higher
- Microsoft Windows: All Supported Versions
Question
What is the difference between "Submit Unknown Binaries for Analysis" and "Upload all new binaries to CB for your later analysis and download" in an Endpoint Standard & Enterprise EDR org?
Answer
- "Submit Unknown Binaries for Analysis" enables additional analysis in the cloud of unknown binaries by a third-party vendor
  - This policy setting is enabled with Endpoint Standard entitlement
- "Upload all new binaries to CB for your later analysis and download" enables functionality to upload any new binary not previously seen in your organization as well as allowing for download and analysis of those binaries in the future
  - This policy setting is enabled with Enterprise EDR entitlement
Additional Notes
- "Unknown binaries" refers to any binary with an unknown reputation that will be uploaded to determine if the file's execution should be blocked at the sensor
  - This requires the use of the local scanner as well as a Carbon Black Cloud sensor version of 3.2 or above
- "New binaries" refers to any binary that has not been seen previously in your organization based on its SHA-256 value
- The primary benefit of the "Upload all new binaries to CB for your later analysis and download" feature is that administrators can download any binaries seen in their environment
  - This feature is only supported on the 3.4.x.x Windows Carbon Black Cloud sensor at this time
  - Enabling this feature can impact a site's network performance