EDR: Netconns showing for a process that should not have netconns
search cancel

EDR: Netconns showing for a process that should not have netconns

book

Article ID: 285951

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Netconns are showing for processes that should not have netconn attempts like cat, grep, sed, etc. 

Environment

  • EDR Sensor: All Versions
  • Linux: All Versions
  • macOS: All Versions

Cause

Another process is calling multiple fork executes using the same process id

Resolution

CB-21348 has been created to add start time to the sensor checks for pids in order to split the behavior

Additional Information

  • Please subscribe to this article for updates and expected fix version
Powered by Wolken Software