What triggers the CB Response sensor to observe/upload a binary to the server/cluster? 

• CB Response:  All Versions

The CB Response sensor will only observe/upload a binary if the binary is executed directly or loaded by another process and only if binary collection is enabled in the associated sensor group configuration.  A binary that is located on an endpoint but has never been observed running/loaded will not be uploaded/reported to the CB Response Server/Cluster.