Enterprise EDR: Script Insights are unavailable for file backed PowerShell scripts

Environment

  • Carbon Black Cloud Console: August 2020 Release and Higher
    • Enterprise EDR (Formerly CB ThreatHunter)
  • Carbon Black Cloud Windows Sensor: 3.6.x and Higher

Symptoms

When you investigate a file-backed PowerShell script by clicking the "Translate" button on the Investigation page, you see the following:
  1. Not all data could be displayed
  2. Script Insights are greyed out

Cause

A privacy-centric approach was taken when this feature was introduced. File-backed PowerShell scripts are not currently supported.

Resolution

A future enhancement to the feature will allow users to opt in and share file-backed scripts.

Additional Notes

The feature can currently deobfuscate scripts that are passed on the command line or loaded directly into memory.

Article Information
Creation Date: 01-08-2021