There are three options for crash data uploads, and two options for diagnostics and environment data:

• Disabled – The default setting for each diagnostics type. Neither automatic crash file uploads nor manual triggering of any uploads is available.
• Manual – You manually start the sensordiag utility tool via the command line. No data is automatically uploaded. Running the tool collects and uploads the data type that is specified by a command-line switch (Crash, Diagnostic, Environment, or any combination).
• Automatic – The sensor automatically collects and uploads crash data when a crash is detected on the sensor. Although diagnostic and environment data cannot be uploaded automatically, selecting Automatic also enables the sensordiag utility so that you can manually collect and upload these data types.

File Transfer and Security

Each collection of sensor diagnostic files is packaged as a zip file on the sensor before uploaded to the Carbon Black EDR server. From the Carbon Black EDR server, uploaded sensor diagnostic files are sent to the Carbon Black cloud, and are encrypted until and unless they are accessed by authorized Carbon Black representatives.

To avoid sending oversized files over an HTTP request, the uploaded file size is limited to 5MB. Files larger than 5MB are split into multiple files during transit.

Files are uploaded to the Carbon Black EDR server on first-come-first-serve basis. Only one file can be uploaded to a server at a time. If additional sensors check in for an upload while an upload is already in progress, a “Try Again” message is sent to sensor so that it can try again at a later time. In a clustered environment, multiple simultaneous uploads are possible.

After the upload succeeds, the zip file is removed from the sensor.