Carbon Black Cloud: What kind of files are uploaded to APC for Cloud Analysis?

Environment

  • Carbon Black Cloud Console: 0.53 and higher

Question

What kinds of files are uploaded to the Avira Protection Cloud (APC) for Cloud Analysis?

Answer

A file is uploaded to APC only if it meets the following requirements:

  1. Local scanner detects nothing (not found in signature pack)
  2. Cloud reputation either has no reputation, or low confidence reputation
  3. Local ML shows risk score (AvatarScanCallback line in confer log shows an "apc" value of 4 or more)
  4. File is under the "Max file size" setting set by Policy (default 4MB)
  5. File must be a Portable Executable (PE) file
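The five requirements above, expressed as a pre-check an administrator could use to reason about which files may leave the endpoint. This is an added example, not Carbon Black or Avira code: the `ScanState` container, the reputation labels, and reading "4MB" as 4 MiB are assumptions, and the results of requirements 1 to 3 are passed in rather than read from the confer log.

```python
import struct
from dataclasses import dataclass

MAX_FILE_SIZE = 4 * 1024 * 1024   # assumption: policy default "4MB" read as 4 MiB
APC_SCORE_THRESHOLD = 4           # requirement 3: "apc" value of 4 or more


def is_pe(data: bytes) -> bool:
    """Requirement 5: DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields a short slice, which simply fails to match.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


@dataclass
class ScanState:
    """Hypothetical holder for verdicts the sensor has already produced."""
    local_detection: bool    # requirement 1: True if the local scanner flagged the file
    cloud_reputation: str    # requirement 2: "none", "low_confidence" or "known" (assumed labels)
    apc_score: int           # requirement 3: local ML risk score


def unmet_requirements(data: bytes, state: ScanState, max_size: int = MAX_FILE_SIZE) -> list:
    """Return the numbers of the requirements the file fails; empty means eligible."""
    unmet = []
    if state.local_detection:
        unmet.append(1)
    if state.cloud_reputation not in ("none", "low_confidence"):
        unmet.append(2)
    if state.apc_score < APC_SCORE_THRESHOLD:
        unmet.append(3)
    if len(data) >= max_size:          # "under" the limit, read as strictly smaller
        unmet.append(4)
    if not is_pe(data):
        unmet.append(5)
    return unmet


def make_sample_pe() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, then the PE signature."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)
```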

Creation Date: 09-09-2020