Searches using some binary terms (digsig_publisher or file_desc) combined with negation of a term group containing spaces may return inaccurate results.  Other binary search terms, such as md5, work as expected.

• Examples:

  digsig_publisher:M* and –group:”Default Group”
  or
  file_desc:M* and -(group:"Research Network")

• Carbon Black EDR Console: 7.7.2 to 7.8.1

• Upgrade to 7.9.0 for the fix. 
• Potential workaround for 7.8.1 and below:  Confirm results by determining the total (without negation) then subtract the search results using positive terms. 

  For example using the same timeframe:
  Search 1: digsig_publisher:M* 
  Search 2: digsig_publisher:M* and (group:”Group1” or group:”Group2”)
  Removing the results in search 2 from search 1 provides the correct results.