Carbon Black Cloud: Files Downloaded via Live Response Using Get Command Are Unreadable
search cancel

Carbon Black Cloud: Files Downloaded via Live Response Using Get Command Are Unreadable

book

Article ID: 292466

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Files retrieved via GET command in Live Response cannot be opened due to incorrect file format.
  • Filename is a long string of characters that does not match the filename on the remote machine.

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Supported Versions

Cause

Files downloaded via Live Response will have the file extension removed and may be named similar to "9ba02d41-f873-45f4-ba19-5091c8246095".

Resolution

The downloaded file needs to be renamed, adding the correct extension matching the original file type. Example: 
The command "get C:\Temp\filename.txt" downloads the file "9ba02d41-f873-45f4-ba19-5091c8246095" to the local system.

Rename "9ba02d41-f873-45f4-ba19-5091c8246095" to "filename.txt" to make it a readable text file again.

Additional Information

  • This is expected behavior of files retrieved via Live Response.
  • If browser settings prevent the file from automatically downloading, the 'File ready for download' link in the Live Response session can be clicked to automatically begin download or prompt for a save location.
Powered by Wolken Software