EDR: Search results show as unknown with pid of -1, but loads successfully in Process Analysis

EDR: Search results show as unknown with pid of -1, but loads successfully in Process Analysis

search cancel

EDR: Search results show as unknown with pid of -1, but loads successfully in Process Analysis

book

Article ID: 285992

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Process result from search shows unknown process name, a pid of -1, and an unknown username. Process Analysis page shows up just fine.
Segments in the process document with a process_pid of -1 also have a ref_segment_id field
Event has been tagged by a feed

Environment

EDR Server: 6.3 and Higher
Apple Mac os: All Supported Versions
Microsoft Windows: All Supported Versions
Linux: All Supported Versions

Cause

Server side issue causes new process segments after a feed tab to not include information such as the process ID - CB-27614

Resolution

There are no workarounds at this time. A future update to the server back-end will resolve this issue

Feedback

thumb_up Yes

thumb_down No