Carbon Black Cloud: Why Aren't Decoy/Canary Files Hidden?
search cancel

Carbon Black Cloud: Why Aren't Decoy/Canary Files Hidden?


Article ID: 288911


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense)


Why are the decoy or canary files included with Enhanced Ransomware detection for the 3.0 Sensors and above not hidden? 


  • Carbon Black Cloud Sensor: Version 3.0 and Higher
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions


Hiding these files reduces their effectiveness as some ransomware strains will intentionally skip hidden files. Keeping these files visible provides better ransomware detection efficacy.

Additional Information

  • If these files are modified in any way, the sensor will replace them with new copies as it checks on the files on a regular basis
  • Some false positives were introduced with these files, and those are being reviewed and resolved by Engineering