CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

search cancel

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

book

Article ID: 285609

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Environment

CB Threat Hunter Console: Current Version
CB Threat Hunter Sensor: 3.4.x

Resolution

Having (Unknown) listed in the "REGMODS", "FILEMODS", "NETCONNS", "MODLOADS", and "CHILDPROCS" are typically caused by viewing event data from devices on sensor versions below 3.4 in the Threat Hunter investigation page.
Upgrading the sensor to version 3.4.x should correct the issue.

Additional Information

If the issue persists, please contact support.

Feedback

thumb_up Yes

thumb_down No