Carbon Black Cloud: What is the difference between Submit Unknown Binaries and Upload all New Binaries?
Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: 3.4.x.x and higher
Microsoft Windows: All Supported Versions
What is the difference between Submit Unknown Binaries for Analysis and Upload all new binaries to CB for your later analysis and download in a Endpoint Standard & Enterprise EDR org?
Submit Unknown Binaries for Analysis enables additional analysis in the cloud of unknown binaries by a third-party vendor
This policy setting is enabled with Endpoint Standard entitlement
Upload all new binaries to CB for your later analysis and download enables functionality to upload any new binary not previously seen in your organization as well as allowing for download and analysis of those binaries in the future
This policy setting is enabled with Enterprise EDR entitlement
Unknown binaries refers to any binary with an unknown reputation that will be uploaded to determine if the file's execution should be blocked at the sensor
This requires the use of the local scanner as well as a Carbon Black Cloud sensor version of 3.2 or above
New binaries refers to any binary that has not been seen previously in your organization based on its SHA-256 value
The upload all new binaries to CB for your later analysis and download feature's primary benefit is for administrators to be able to download any binaries seen in their environment
This feature is only supported on the 3.4.x.x Windows Carbon Black Cloud sensor at this time