Carbon Black Cloud: The "translate" arrow on the process analysis page does not decode the command when the "-EncodedCommand" parameter is used, but it does when /e or -e is used.

Article ID: 286866

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

On the process analysis page, the "translate" arrow does not decode a PowerShell command line when the "-EncodedCommand" parameter is used, but it does decode it when the "/e" or "-e" form is used.

Environment

  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensor: All Windows versions

Cause

This is Console issue TR-6805.

Resolution

The issue is currently with Engineering (as of January 2023).

Additional Information

Only the "-EncodedCommand" format is problematic. The equivalent formats "/e" and "-e" decode properly.
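
Until the console translates the "-EncodedCommand" form, an analyst can decode the argument offline from the command line shown in the event. The Python below is an added example, not Carbon Black code: the function names are hypothetical and the sample command lines are constructed. It goes beyond the three spellings named above by also accepting the other abbreviations PowerShell accepts for this parameter (for example -enc and -ec), and it relies on the payload being Base64 over UTF-16LE text.

```python
import base64
import binascii

FULL_NAME = "encodedcommand"


def is_encoded_command_switch(token: str) -> bool:
    """True for -e, /e, -enc, -EncodedCommand and other accepted spellings."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    # PowerShell accepts any prefix of the full name, plus the alias "ec".
    return name == "ec" or FULL_NAME.startswith(name)


def decode_payload(b64: str):
    """Base64 -> UTF-16LE text, or None if the token is not a valid payload."""
    try:
        raw = base64.b64decode(b64.strip("'\""), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def translate(cmdline: str):
    """Return the decoded script for each encoded-command switch found."""
    tokens = cmdline.split()
    decoded = []
    for switch, value in zip(tokens, tokens[1:]):
        if is_encoded_command_switch(switch):
            text = decode_payload(value)
            if text is not None:
                decoded.append(text)
    return decoded


if __name__ == "__main__":
    # Constructed sample: "Get-Date" encoded the way PowerShell expects.
    payload = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
    for switch in ("-EncodedCommand", "-e", "/e"):
        line = f"powershell.exe -NoProfile {switch} {payload}"
        print(switch, "->", translate(line))
```
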