Does the repcli ondemandscan tool scan the content of an archive file?

Article ID: 398137

Products

  • Carbon Black Cloud Workload
  • Carbon Black Cloud Audit and Remediation
  • Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
  • Carbon Black Cloud Container
  • Carbon Black Cloud Endpoint Standard
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
  • Carbon Black Cloud Managed Detection and Response
  • Carbon Black Cloud Managed Threat Hunting
  • Carbon Black Cloud Prevention

Issue/Introduction

Does the Carbon Black Cloud 'repcli ondemandscan' function scan the contents of archive/zip files?

Environment

  • Carbon Black Cloud Console: Current Version
  • Carbon Black Cloud Windows Sensor: 4.0.3 and Lower
  • Microsoft Windows OS: Supported Versions

Cause

The output for a 'repcli ondemandscan' completes in seconds and provides a single reputation result for a single hash.

Resolution

No, the Avira scanner built into Windows sensors 4.0.3 and lower does not scan the contents of an archive file.

Additional Information

The CBC Windows sensor will be moving to the Symantec StarGate local scanner starting with the 4.1.0 Sensor version. The release is tentatively expected after August 2025. By default, the new scanner will have an archive depth of 1; however, this will likely be a configurable value to be balanced against the performance impact of scanning several layers deep.
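
The following is an added illustration, not part of the original article and not sensor or scanner code. It shows why a single hash for an archive says nothing about its members, and how a depth limit bounds how many layers are unpacked. It assumes depth 0 means the file itself and each further level unpacks one more archive layer; the file names, sample bytes and size cap are constructed.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap; keeps the walk bounded


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_members(data: bytes, name: str, max_depth: int, depth: int = 0):
    """Yield (path, depth, sha256) for a file and for members up to
    max_depth archive layers below it. Depth 0 is the file itself."""
    yield name, depth, sha256(data)
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue  # skip directories and oversized members
            member = f"{name}!{info.filename}"
            yield from hash_members(zf.read(info), member, max_depth, depth + 1)


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed sample: outer.zip -> inner.zip -> payload.bin."""
    inner = make_zip({"payload.bin": b"constructed sample bytes"})
    return make_zip({"readme.txt": b"hello", "inner.zip": inner})


if __name__ == "__main__":
    sample = build_sample()
    for limit in (0, 1, 2):
        print(f"archive depth {limit}:")
        for path, level, digest in hash_members(sample, "outer.zip", limit):
            print(f"  {'  ' * level}{path}  {digest[:16]}...")
```

With a limit of 0 only the archive's own hash is produced; at 1 the nested `inner.zip` is hashed as an opaque file, and `payload.bin` only becomes visible at 2.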