Carbon Black Cloud: Why Aren't Decoy/Canary Files Hidden?

Environment

  • Carbon Black Cloud Sensor: Version 3.0 and Higher
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Question

Why are the decoy or canary files included with Enhanced Ransomware detection in Sensor versions 3.0 and above not hidden?

Answer

Hiding these files reduces their effectiveness, because some ransomware strains intentionally skip hidden files. Keeping these files visible provides better ransomware detection efficacy.
 

Additional Notes

  • The sensor checks on these files on a regular basis. If they are modified in any way, it replaces them with new copies.
  • Some false positives were introduced with these files, and those are being reviewed and resolved by Engineering.
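
The check-and-replace cycle described in the notes above, as an added Python example that is not Carbon Black sensor code: decoys are written as ordinary visible files, and each pass reports and replaces any that are missing, modified or hidden. The file names, contents and function names are assumptions made for illustration.

```python
import hashlib
import stat
from pathlib import Path

# Constructed decoy names and contents, for illustration only.
DECOYS = {
    "annual_budget.docx": b"constructed decoy content A\n",
    "family_photos.jpg": b"constructed decoy content B\n",
}

def is_hidden(path: Path) -> bool:
    """True for a dot-prefixed name or a Windows/macOS hidden flag."""
    st = path.stat()
    win = getattr(st, "st_file_attributes", 0) & stat.FILE_ATTRIBUTE_HIDDEN
    mac = getattr(st, "st_flags", 0) & stat.UF_HIDDEN
    return path.name.startswith(".") or bool(win or mac)

def deploy(directory: Path) -> dict:
    """Write the decoys as visible files and return name -> SHA-256 baseline."""
    baseline = {}
    for name, content in DECOYS.items():
        (directory / name).write_bytes(content)
        baseline[name] = hashlib.sha256(content).hexdigest()
    return baseline

def check_and_restore(directory: Path, baseline: dict) -> list:
    """One periodic pass: report each tampered decoy, then put a fresh copy back."""
    findings = []
    for name, digest in baseline.items():
        path = directory / name
        if not path.is_file():
            findings.append((name, "missing"))    # deleted or renamed
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            findings.append((name, "modified"))   # content changed, e.g. encrypted
        elif is_hidden(path):
            findings.append((name, "hidden"))     # a hidden decoy may be skipped
        else:
            continue
        if path.exists():
            path.unlink()                         # drop the tampered copy first
        path.write_bytes(DECOYS[name])
    return findings
```

A finding from a pass like this is only a signal that something touched a decoy; backup tools, indexers or cleanup utilities can trigger it too, which is the kind of false positive the second note mentions.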

Article Information

Creation Date: 12-07-2018