Cb ThreatHunter: How to search for processes with name changes
Article ID: 287923
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
How to find processes with possible name changes
Environment
- Carbon Black ThreatHunter PSC Console: All Versions
Resolution
In the Investigate page use the search parameter "process_file_description"
process_file_description:notepad
Additional Information
The process_file_description searches from the resource file of the process executable.
Feedback
Yes
No
Powered by
