CB Response: All network connections are coming from a single process when filtered through a local Webproxy application

CB Response: All network connections are coming from a single process when filtered through a local Webproxy application

search cancel

CB Response: All network connections are coming from a single process when filtered through a local Webproxy application

book

Article ID: 287765

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Netconns from multiple processes appear under a single process in the Process Analysis Page.

Environment

CB Response Sensor: 5.X and higher
Websense Web Proxy: All Versions

Cause

Environment using local WebProxy application forwards traffic under a single process.
This behavior is due to a product limitation identified as CB-26729.

Resolution

Carbon Black will resolve CB-26729 in a future release.
Currently no workaround available.

Additional Information

The sensor's network driver observes network traffic initiations at a level higher than the Webproxy software.
From the sensor's point of view, the proxy server process is initiating all of the traffic.

Feedback

thumb_up Yes

thumb_down No