EDR Sensor: Windows parent process names are not sent to the server
search cancel

EDR Sensor: Windows parent process names are not sent to the server

book

Article ID: 285747

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Parent process name does not appear in the EDR web interface or SIEM's connected via the Event Forwarder. 
  • Watchlists and process searches for parent_name: result in 0 hits. 
  • Watchlists and process searches for -parent_name: will result in false positives. 
  • parent_name is not sent from the Sensor to the EDR server.

Environment

  • EDR Sensor: 7.0.0
  • Microsoft Windows: All supported versions

Cause

The root cause is a known defect, tracked as CB-31821.

Resolution

  • Downgrade to EDR Sensor version 6.2.5.

Additional Information

  • EDR Sensor 7.0.1 (estimated delivery July 7, 2020) will contain the fix to this issue. 
Powered by Wolken Software