What Can Be Uploaded with the Request Upload Feature?
search cancel

What Can Be Uploaded with the Request Upload Feature?

book

Article ID: 291274

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

What can be uploaded with the "Request Upload" feature?

Environment

  • Carbon Black Cloud(Formerly PSC) Console: All Supported Versions
    • Endpoint Standard(Formerly CB Defense)
    • Enterprise EDR(Formerly CB ThreatHunter)
    • Workload(Formerly CB Defense for VMware + VMware AppDefense)
    • Audit and Remediation(Formerly CB LiveOps)

Resolution

The following file restrictions apply to manual file uploads.

Windows
  • Windows does not restrict uploading of script files when Private Logging Level is enabled in the policy.
  • Windows files that have the following file extensions can be uploaded for analysis: .exe .dll .sys .ocx .drv .scr .pif .ex_ .msi .vb .vbs .jar
macOS
  • MacOS scripts are not uploaded if Private Logging Level is enabled in the policy.
  • If Allow Executable Uploads for Scans is not selected, all script uploads are disabled regardless of type.
  • Common macOS object types can be uploaded for analysis: Perl Python Ruby Shell TCL PHP Applescript
  • The following objects cannot be uploaded:
  • Files in the /etc directory Files that contain the following extensions: .class .js .pkg and .dmg with a file size of > 20MB Scripts (when Private Logging Level is enabled)
  • Document files including: Keynote PDF MS Office Open Office (determined by both magic and extension)
  • Files that do not contain a Magic Cookie (the first four bytes of a file that identifies the special file format)

Additional Information

  • By default only executable files will upload unless the config AllowedToUploadFileTypes=3 is added using this process
  • The "Request Upload" feature is for uploading files from the endpoints for further analysis as mentioned here