What Can Be Uploaded with the Request Upload Feature?
book
Article ID: 291274
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What can be uploaded with the "Request Upload" feature?
Environment
Carbon Black Cloud(Formerly PSC) Console: All Supported Versions
Endpoint Standard(Formerly CB Defense)
Enterprise EDR(Formerly CB ThreatHunter)
Workload(Formerly CB Defense for VMware + VMware AppDefense)
Audit and Remediation(Formerly CB LiveOps)
Resolution
The following file restrictions apply to manual file uploads.
Windows
Windows does not restrict uploading of script files when Private Logging Level is enabled in the policy.
Windows files that have the following file extensions can be uploaded for analysis: .exe .dll .sys .ocx .drv .scr .pif .ex_ .msi .vb .vbs .jar
macOS
MacOS scripts are not uploaded if Private Logging Level is enabled in the policy.
If Allow Executable Uploads for Scans is not selected, all script uploads are disabled regardless of type.
Common macOS object types can be uploaded for analysis: Perl Python Ruby Shell TCL PHP Applescript
The following objects cannot be uploaded:
Files in the /etc directory Files that contain the following extensions: .class .js .pkg and .dmg with a file size of > 20MB Scripts (when Private Logging Level is enabled)
Document files including: Keynote PDF MS Office Open Office (determined by both magic and extension)
Files that do not contain a Magic Cookie (the first four bytes of a file that identifies the special file format)
Additional Information
By default only executable files will upload unless the config AllowedToUploadFileTypes=3 is added using this process
The "Request Upload" feature is for uploading files from the endpoints for further analysis as mentioned here