CB Response: Are Windows process event cmdline values truncated?
Article ID: 288049
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How many characters of a Windows cmdline command will the CB Response sensor capture?
Environment
- CB Response Windows Sensor: 6.2.1 and older
- Microsoft Windows: All supported versions
Resolution
CB Response Windows sensor 6.2.1 and older:
- 4096 characters
- 32k characters, which is the Windows OS limit.
Additional Information
For endpoints version 6.2.2 and above, there essentially is no limit.
Feedback
Yes
No
Powered by
