Endpoint Standard: Request Upload of an app does not upload app to Cloud Analysis Page
search cancel

Endpoint Standard: Request Upload of an app does not upload app to Cloud Analysis Page

book

Article ID: 285073

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Log into the Carbon Black Cloud Console > Investigate > Select [App Name] > Select "Take Action" > Request Upload
  • The file is never uploaded to the the Carbon Black Cloud > Enforce > Cloud Analysis Page 

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: All Versions
Microsoft Windows: All Versions
Apple MacOS: All Versions

Resolution

  • "Request Upload" will upload apps to the Carbon Black Cloud > Settings > Inbox Page
  • "Submit unknown binaries for analysis" will allow the Carbon Black Cloud to upload unknown binaries and display the requests/results in the Cloud Analysis Page

Additional Information

  • Request Upload allows an Admin to perform file analysis outside of the Carbon Black Cloud
  • If "Submit unknown binaries for analysis" is enabled, any binary with an unknown reputation may be uploaded for additional analysis to determine if the file's execution should be blocked at the sensor. This requires the use of the local scanner as well as a Carbon Black Cloud sensor version of 3.2 or above
  • If "Submit unknown binaries for analysis" is enabled, all traffic goes through Endpoint Standard Device Services before it is routed to Carbon Black Cloud. The Carbon Black Cloud only uses third-party vendor, Avira Operations GmbH & Co. KG (“Avira”), as a sub-processor to assist with the threat analysis. The sensor will never directly communicate with Avira, so there are no additional network changes required