Enterprise EDR: Script Insights are unavailable for file-backed PowerShell scripts

Article ID: 290323

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

When attempting to investigate a file-backed PowerShell script by clicking the "Translate" button in the Investigation Page, you see the following:
  1. Not all data could be displayed
  2. Script Insights are greyed out

Environment

  • Carbon Black Cloud Console: August 2020 Release and Higher
    • Enterprise EDR (Formerly CB ThreatHunter)
  • Carbon Black Cloud Windows Sensor: 3.6.x and Higher

Cause

A privacy-centric approach was taken while introducing this feature. File-backed PowerShell scripts are not currently supported.

Resolution

A future enhancement to the feature will allow users to opt in and share file-backed scripts.

Additional Information

The feature can currently deobfuscate scripts that are passed on the command line or loaded directly into memory.