CB Response: Command Line Displayed Incorrectly In UI and Event Forwarder Data For Childproc Started Event

Article ID: 287722

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Mismatch between a process name/MD5 and the cmdline shown in the UI and Event Forwarder data.
  • Relates to processes that fork/exec other processes.

Environment

  • CB Response Server: 6.2.0 and Higher
  • CB Response Sensor: All Supported Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions

Cause

This is a known issue, currently in Engineering as CB-17152.

Resolution

A solution is under investigation by Engineering; this article will be updated as further information is known.

Additional Information

There are no known workarounds to this issue at this time.