Carbon Black Cloud: Why Are Common Files Showing As Scripts?

Carbon Black Cloud: Why Are Common Files Showing As Scripts?

search cancel

Carbon Black Cloud: Why Are Common Files Showing As Scripts?

book

Article ID: 290417

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Why are common files, such as .docx or .xlsx, showing as a script within Alert or Event data?

Environment

Carbon Black Cloud Console: All Versions

Resolution

This classification allows the Carbon Black Cloud sensor to track the files as Excel or Word files are not executable files.
So when Office applications open .docx or .xlsx files, the sensor reports the activity as script interpreters, which is an executable that opens other files for read and performs operations based on the contents of the files.

Feedback

thumb_up Yes

thumb_down No