logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR Sensor: What is the folder "C:\Windows\CarbonBlack\store" used for?

EDR Sensor: What is the folder "C:\Windows\CarbonBlack\store" used for?

Environment

  • EDR (formerly CB Response) Sensor:  All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

What is the folder "C:\Windows\CarbonBlack\store" used for?

Answer

  • C:\Windows\CarbonBlack\store contains copies of binaries that have not yet been shared with the EDR server as well as a catalog of all observed binaries
  • Any observed binary will be copied and stored in this location.
  • Binaries will persist in the directory until the sensor checks in to the server.
    1. If the server does not have a copy of the binary, it is upload from the endpoint.
    2. If the server already has a copy of the binary, nothing is uploaded.
    3. Binary copies are then purged from the directory after check-in.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
2502
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.