EDR: Mismatched process information between Process Search and Process Analysis pages
Article ID: 285984
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- The parent in Process Analysis changes when refreshing or selecting sibling / parent processes
- Searches by parent process may return processes with different parents
- Segments in the process document show different parents between segments
Environment
- EDR Windows Sensor 6.x and below
- EDR Linux Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
- Linux: All Supported Versions
Cause
This is a known issue for Windows Sensor that occurs when a process ID matches for two different processes - CB-18338
This is also a known issue for the EDR Linux Sensor that is being resolved in CB-21348
This is also a known issue for the EDR Linux Sensor that is being resolved in CB-21348
Resolution
- Upgrade Windows sensor to version 7.0.1 and above for the fix
- This issue targeted to be resolved in the 7.3.X Linux Sensor.
- There are no other workarounds
Feedback
Yes
No
Powered by
