Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: What kind of files are uploaded to APC for Cloud Analysis?

Carbon Black Cloud: What kind of files are uploaded to APC for Cloud Analysis?

Environment

  • Carbon Black Cloud Console: 0.53 and higher

Question

What kinds of files are uploaded to the Avira Protection Cloud (APC) for Cloud Analysis?

Answer

 All of the following requirements must be met in order for a file to get uploaded to APC for analysis:

  1. Local scanner detects nothing (not found in signature pack)
  2. Cloud reputation either has no reputation, or low confidence reputation
  3. Local ML shows risk score (Search for AvatarScanCallback or apcLevel in confer log shows an "apc" value of 4 or more)
  4. File is under the "Max file size" setting set by Policy (default 4MB)
  5. File must be a Portable Executable (PE) file

Related Content


Was this article helpful? Yes No
80% helpful (4/5)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
2416
Contributors