Environment
- Carbon Black Cloud Console: August 2020 Release and Higher
- Enterprise EDR (Formerly CB ThreatHunter)
- Carbon Black Cloud Windows Sensor: 3.6.x and Higher
Symptoms
When attempting to investigate a file-backed PowerShell script by clicking the "Translate" button in the Investigation Page, you see the following:
- Not all data could be displayed
- Script Insights are greyed out
Cause
A privacy-centric approach was taken when introducing this feature. File-backed PowerShell scripts are not currently supported.
Resolution
A future enhancement to the feature will allow users to opt in and share file-backed scripts.
Additional Notes
The feature can currently deobfuscate scripts that are passed on the command line or loaded directly into memory.