Carbon Black Cloud Windows Sensor: Which executables are responsible for creating network connections?
search cancel

Carbon Black Cloud Windows Sensor: Which executables are responsible for creating network connections?

book

Article ID: 288251

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Which of the CBC Windows sensor's executables are responsible for creating network connections?

Environment

  • Carbon Black Cloud Windows Sensor: All versions
  • Carbon Black Cloud Server: All versions
  • Microsoft Windows OS: All versions

Resolution

  • RepMgr.exe (communicates with cloud)
  • upd.exe (signature pack updates)
  • osqueryi.exe (potentially via curl table queries)
  • cbc_plugin_extension.ext.exe (potentially via cb_sensor_curl table queries)
Powered by Wolken Software