Enterprise EDR: How to Download a Binary from the Console
search cancel

Enterprise EDR: How to Download a Binary from the Console

book

Article ID: 289559

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Download a binary from the Enterprise EDR Console on the Binary Details page that has been uploaded through the binary uploads opt-in feature

Environment

  • Enterprise EDR Console: All Versions
  • Enterprise EDR Sensor: 3.4.x.x and higher
  • Microsoft Windows: All Supported Versions

Resolution

  1. Navigate to the Binary Details page via 1 of 2 methods:
    • From the Investigate page
      1. Select the process name hyperlink
      2. On the process analysis page select the Binary Details hyperlink in the window next to the process tree to be navigate to the Binary Details page
    • Or from the Investigate page
      1. Select the white space in the process event row
      2. The Process Details window will appear on the right hand side of the Enterprise EDR Console
      3. Select the binary icon within the Process Details window to be navigated to the Binary Details page
  2. Select the Download button at the top of the Binary Details page to download the selected binary in .zip format with the hash of the binary as the file name

Additional Information

Binaries are not able to be downloaded from the Enterprise EDR Console unless binary uploads are enabled on the policies page
Powered by Wolken Software