logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud Windows Sensor: Which executables are responsible for creating network connections?

Carbon Black Cloud Windows Sensor: Which executables are responsible for creating network connections?

Environment

  • Carbon Black Cloud Windows Sensor: All versions
  • Carbon Black Cloud Server: All versions
  • Microsoft Windows OS: All versions

Question

Which of the CBC Windows sensor's executables are responsible for creating network connections?

Answer

  • RepMgr.exe (communicates with cloud)
  • upd.exe (signature pack updates)
  • osqueryi.exe (potentially via curl table queries)
  • cbc_plugin_extension.ext.exe (potentially via cb_sensor_curl table queries)

Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎04-10-2023
Views:
324
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.