CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?
Article ID: 285609
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?
Environment
CB Threat Hunter Console: Current Version
CB Threat Hunter Sensor: 3.4.x
Resolution
Having (Unknown) listed in "REGMODS", "FILEMODS", "NETCONNS", "MODLOADS", and "CHILDPROCS" is typically caused by viewing, on the Threat Hunter investigation page, event data from devices running sensor versions below 3.4.
Upgrading the sensor to version 3.4.x should correct the issue.