
Carbon Black Cloud: Why Aren't Decoy/Canary Files Hidden?

Environment

  • Carbon Black Cloud Sensor: Version 3.0 and Higher
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Question

Why are the decoy or canary files included with Enhanced Ransomware detection in Sensor 3.0 and higher not hidden?

Answer

Hiding these files reduces their effectiveness, because some ransomware strains intentionally skip hidden files. Keeping the files visible provides better ransomware detection efficacy.

Additional Notes

  • The sensor checks on the files on a regular basis; if they are modified in any way, it replaces them with new copies
  • Some false positives were introduced with these files, and those are being reviewed and resolved by Engineering
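
The check-and-replace behaviour in the first note, together with the visibility requirement from the answer, sketched as an added example. This is not Carbon Black's code: the decoy name and content, the SHA-256 comparison, and treating a missing file as tampering are assumptions made for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Constructed decoy content and digest (assumptions for this sketch).
DECOY_BYTES = b"Q3 budget draft (constructed decoy content)\n"
DECOY_SHA256 = hashlib.sha256(DECOY_BYTES).hexdigest()

def is_hidden(path: Path) -> bool:
    """True for a dotfile, the Windows hidden attribute, or the macOS hidden flag."""
    st = path.stat()
    return (path.name.startswith(".")
            or bool(getattr(st, "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN)
            or bool(getattr(st, "st_flags", 0) & stat.UF_HIDDEN))

def plant_decoy(path: Path) -> None:
    """Write a fresh decoy and refuse a placement that would leave it hidden."""
    path.write_bytes(DECOY_BYTES)
    if is_hidden(path):
        raise ValueError(f"{path} is hidden; a file-encrypting process may skip it")

def check_decoy(path: Path) -> str:
    """One periodic pass: report 'ok', 'modified' or 'missing'; restore if not ok."""
    if not path.exists():
        state = "missing"      # deleted or renamed (assumed to count as tampering)
    elif hashlib.sha256(path.read_bytes()).hexdigest() != DECOY_SHA256:
        state = "modified"
    else:
        return "ok"
    plant_decoy(path)          # replace with a new copy, as the note describes
    return state

def demo() -> list:
    """Run the check against a constructed decoy in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        decoy = Path(tmp) / "budget_draft.txt"   # hypothetical decoy name
        plant_decoy(decoy)
        results = [check_decoy(decoy)]
        decoy.write_bytes(b"\x00" * 32)          # stand-in for any modification
        results += [check_decoy(decoy), check_decoy(decoy)]
        decoy.unlink()
        results.append(check_decoy(decoy))
        results.append(decoy.read_bytes() == DECOY_BYTES)
        return results

if __name__ == "__main__":
    print(demo())
```

A `modified` or `missing` result is the detection signal in this sketch; restoring the file afterwards keeps the decoy in place for the next pass.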

Article Information
Creation Date: 12-07-2018