Why are there .pptx, .doc, .jpg, and .xls files found in various locations throughout the system drive after installing Carbon Black Cloud Sensor version 3.x+?
VMware Carbon Black Cloud Endpoint Standard Sensor version 3.x+ (Windows & macOS)
VMware Carbon Black Cloud Endpoint Standard introduced "canary files" into the sensor. The sensor seeds and monitors these files in various locations on the system to help in the detection of ransomware-like activity on the endpoint. If any of these files are modified, new file will be created automatically. See related articles below for more information.
Endpoint Standard: What are these $XXXXXXXX files found on a computer
Carbon Black Cloud: What are Canary Files
Carbon Black Cloud: Why Aren't Decoy/Canary Files Hidden?
Please sign in to leave a comment.