Submit Unknown Binaries for Cloud Analysis
Article ID: 290582
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Allow unknown binaries to be submitted for cloud analysis
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 3.2 and Higher
- Microsoft Windows: All Supported Versions
Resolution
- Sign in to the Carbon Black Cloud console
- Go to Enforce > Policies
- Select the desired policy to enable cloud binary analysis
- Under the "Sensor" tab, select the checkbox for Submit unknown binaries for analysis
- Confirm to opt in
- Click Save
Additional Information
- Enabling this option will mean that data is shared with Carbon Black and a third party for analysis
- Only the Results of the analysis are available in the "Cloud Analysis" page, not the pending status.
- Results are sent back by the Cloud after the Symantec CYNIC product has done an analysis of an unknown binary, this can take a few minutes, but usually no more than 1 hour. There is no documented SLA for results to be returned.
- Events can be found in the CBC sensor confer.log file with the action type "FileUploadWorker".
Feedback
Yes
No
Powered by
