Endpoint Standard: What are these $XXXXXXXX files found on a computer?
search cancel

Endpoint Standard: What are these $XXXXXXXX files found on a computer?

book

Article ID: 291525

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why are there files (doc, jpg, xls, pptx) found in various folders on my system named $XXXXXXXX?

Environment

  • Endpoint Standard (formerly CB Defense) Sensor: Version 3.0 and higher
  • Microsoft Windows: All Supported Versions
  • Apple Mac OS: All Supported Versions

Resolution

With version 3.x of the Endpoint Standard sensor, we introduced "Canary Files" into the sensor. The sensor seeds and monitors these files in various locations on the system to help in the detection of ransomware like activity on the endpoint.

Additional Information

  • Canary files are automatically deployed on version 3.x sensor in any policy
  • There is currently no way to disable canary files
  • If a canary file is deleted, the sensor will deploy a replacement in the same or different location on the system
Powered by Wolken Software