ET
08/06/2020, 9:20 AMtheopolis
08/06/2020, 2:32 PMET
08/06/2020, 2:40 PM// Carbon Black registry path
const std::string kCbRegLoc = "SOFTWARE\\CarbonBlack\\config";
...
queryKey("HKEY_LOCAL_MACHINE\\" + kCbRegLoc, results);
Josh Hartwell
08/06/2020, 4:01 PM// Carbon Black registry path
const std::string kCbRegLoc = "SOFTWARE\\CarbonBlack\\config";
Is the correct location for the Carbon Black EDR product.
• Formerly Carbon Black Response
• Formerly the original "Carbon Black" company pre-mergers/pre-acquisitions.
So it appears the carbon_black_info table is specific to the Carbon Black EDR Product.
So likely could do with some naming/description updates in order to avoid confusion.
I'm guessing your client has either CB Cloud or CB App Control products, and not the CB EDR Product?seph
08/06/2020, 6:28 PMMike Myers
08/06/2020, 6:59 PMwindows_security_products
could be security_products
and expanded