EDR: Windows Sensor not Detecting Carets Used in the Command Line
Article ID: 285960
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
A process search for the caret character (^) in the command line does not return any results.
Environment
EDR Windows Sensor: All Versions
Cause
Special characters such as the caret are removed from the command line by the operating system.
Resolution
This behavior is a result of the operating system and is not an issue with the sensor.
Additional Information
- Attackers may use the caret in the command line as an obfuscation technique
- The sensor will still capture the command line, but without the caret
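
The following is an added example, not part of the original article or of the Carbon Black product: a simplified Python model of caret handling that turns a caret-obfuscated string (for instance one recovered from a batch file) into the caret-free form to search for in the recorded command line. The function names and sample strings are constructed, and the model assumes the caret escapes the next character outside double quotes and is kept literally inside them.

```python
# Added example: simplified model of cmd.exe caret handling (an assumption,
# not the sensor's own code). Outside double quotes a caret escapes the next
# character and is dropped; inside double quotes it is kept literally.

def strip_cmd_carets(line: str) -> tuple[str, int]:
    """Return (text after caret removal, number of carets removed)."""
    out = []
    removed = 0
    in_quotes = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == '"':
            in_quotes = not in_quotes
            out.append(ch)
        elif ch == "^" and not in_quotes:
            removed += 1
            i += 1
            if i < len(line):
                # The escaped character is kept as a literal; an escaped
                # quote does not open or close a quoted region.
                out.append(line[i])
        else:
            out.append(ch)
        i += 1
    return "".join(out), removed


def normalize_for_search(observed: str) -> str:
    """Caret-free, lower-cased, whitespace-collapsed form to use as a search term."""
    text, _ = strip_cmd_carets(observed)
    return " ".join(text.lower().split())


# Constructed sample strings, not taken from any real incident.
SAMPLES = [
    "p^o^w^e^r^s^h^e^l^l -nop",
    'echo "a^b" c^^d',
    "W^ho^AMI   /all",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        text, removed = strip_cmd_carets(sample)
        print(f"{sample!r} -> {text!r} (carets removed: {removed})")
        print(f"  search term: {normalize_for_search(sample)!r}")
```

A non-zero caret count on a string from a source that retains carets is itself worth noting, since the search must then use the caret-free form.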