The field "edr_data_protocols" is not present in event type_id 8007 from SEP 14.2 RU2 client.

Article ID: 200341

Products

Endpoint Detection and Response, Endpoint Protection with Endpoint Detection and Response

Issue/Introduction

The field "edr_data_protocols" is not present in event type_id 8007.

Steps to reproduce:
1. Enable netstat event recording in the recorder configuration.
2. On the SEP client, execute the command: nslookup.exe non-existing.domain
3. In the EDR UI, trigger a process dump for the nslookup.exe process on the test SEP client.
4. Once the process dump is complete, check for the field "edr_data_protocols" in event type_id 8007.

Expected Result:
edr_data_protocols field should be present

Actual Result:
edr_data_protocols field is not present

Environment

ATP Build: 4.4.0-177

SEP Client build: 14.2 RU2

Resolution

When tested with SEP 14.3 MP1, this field appears in the event displayed in EDR 4.4.0.

Upgrade to SEP 14.3 MP1 or later.