Enterprise EDR: Process Analysis page is not showing correct parent process name for selected process
Article ID: 287681
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- Process path showing at top of Process Analysis page does not match selected process.
- Selecting process in process tree displays correct process path in panel on right of page.
Environment
- Carbon Black Cloud
- Enterprise EDR (Formerly Threat Hunter)
- Carbon Black Cloud Sensor (v3.5+)
Cause
- Sensor incorrectly applying script replacement logic for processes resulting in Enterprise EDR reporting the process name incorrectly
- Ex. Winword.exe opens doc1.docx, sensor then shows any further activity as being from doc1.docx
Resolution
Upgrade to 3.6+ sensor version
Feedback
Yes
No
Powered by
