What kind of files are uploaded to Carbon Black for Cloud Analysis?
search cancel

What kind of files are uploaded to Carbon Black for Cloud Analysis?

book

Article ID: 292091

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What kind of files are uploaded to Carbon Black for Cloud Analysis?

Environment

  • Carbon Black Cloud Console: 0.53 and higher

Resolution

 All of the following requirements must be met in order for a file to get uploaded to APC for analysis:

  1. Local scanner detects nothing (not found in signature pack)
  2. Cloud reputation either has no reputation, or low confidence reputation
  3. Local ML shows risk score (Search for AvatarScanCallback or apcLevel in confer log shows an "apc" value of 4 or more)
  4. File is under the "Max file size" setting set by Policy (default 4MB)
  5. File must be a Portable Executable (PE) file
Powered by Wolken Software