When users search for a specific hash value (MD5 value bd2103035a8xxx2390a78a431ba0c4 OR SHA256 value ceec12762e66397b56dad64fd270xxxb9cd665354383c0626dbab01), ATP returned many different files that were not associated with that hash.
For a very specific type of BASH events, ATP incorrectly mapped the above dummy hash to the file associated with the event. This resulted in search results against that hash to include inaccurate, unrelated files.
This issue is resolved in ATP 3.0. However, this issue will continue to occur on ATP databases prior to 3.0.