This topic describes uploading files from agents.

In all active modes, Carbon Black App Control provides the ability to monitor the propagation of software and generate audit trails of activity. In some cases, information you see during monitoring might lead to a need to access the actual file involved in certain activities. With the optional Upload Files feature, you can upload a copy of any file to the Carbon Black App Control Server from a computer running Carbon Black App ControlAgent 7.0.0 or later.

Access to the Upload Files feature requires application of a special license key, either for File Uploads alone or as part of the Carbon Black App Control Connector license. See Managing App Control Licenses for instructions on applying licenses.

Note:
  • The ability to send a file to third-party devices or services for analysis uses the File Upload feature. However, uploads initiated by a request for analysis are not displayed in the file upload user interface, and are not discussed here. See App Control Connector for information on the process involved in uploading files for analysis.
  • Diagnostic files may be uploaded from agent computers, and in special cases, from the server. These are cataloged on a separate tab from general file uploads, but much of the user interface for acting on them is the same.

Enabling Access to File Upload Features

Caution:
  • Permission for these features is not granted by default to the admin account or users with Administrator or Administrator (Unified Management) roles. You must explicitly add these permissions.
  • While other Carbon Black App Control features provide data about files on agent-managed computers, these features allow a console user with the appropriate privileges to upload the actual file. These features should be used with extreme care, and in full compliance with your organization's policy on accessing other users’ files. Be sure that only those Carbon Black App Control Console users that absolutely need access to the features are given permission to use them.

The following permissions control access to File Upload features:

  • Tools/View file uploads – Ability to view uploaded files on the Requested Files page.
  • Tools/Manage uploads of inventoried files – Ability to initiate manual file uploads from agent computers, and to create event rules that upload files. This permission applies only to files considered “interesting” (i.e., executables and scripts) by Carbon Black App Control.
  • Tools/Manage uploads of files by pathname – Ability to initiate manual file uploads from agent computers. This permission enables uploading of a file by its pathname, even if not in the Carbon Black App Control inventory.
  • Tools/Access uploaded files – Ability to download files uploaded to the server.

See User Role Permissions for details on enabling feature access.