EDR: How does Fileless_Scriptloads Impact Retention?

Environment

  • EDR Server: 7.6+

Question

How does fileless_scriptloads collection impact retention?

Answer

It depends on how frequently PowerShell is used within the organization. It might have a slight impact, but we have no way to provide exact numbers.

Additional Notes

  • The fileless scriptload event leverages the Anti-Malware Scanning Interface (AMSI) support that is available in Windows 10 RS2+ and Windows 2016.
  • The fileless_scriptload event represents each occasion when the sensor detected AMSI-decoded script content that was executed by any process.
  • Only the fileless script content that was not stored in a file on the file system when the context was executed is sent to the EDR server.
  • The fileless_scriptload data is a new event type stored and indexed in Solr.

Creation Date: 12-10-2021