How Does the Sensor Treat Archive Files?
Article ID: 374331
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
How does the sensor behave with Archive files like Zip, or Tar files
Environment
- Carbon Black Cloud: All Supported Versions
Resolution
- Similar to Eicar files the sensor doesn't scan files at rest if they are not executable, it scans files on execution
- If an executable interacts with an archive file like extracting it that behavior will be analyzed and it will see the files being created during that process
Additional Information
The list of file types that the sensor will scan during the background scan is here
Feedback
Yes
No
Powered by
