CBC: Why is a powershell.exe event missing an "invoked" argument in the cmdline?

Article ID: 288172


Products

Carbon Black Cloud Enterprise EDR (formerly CB ThreatHunter)

Issue/Introduction

Why is a powershell.exe event missing an "invoked" argument in the cmdline, as in the event below (generated by running the "hostname" command)?
The application C:\windows\system32\windowspowershell\v1.0\powershell.exe invoked the application C:\windows\system32\hostname.exe.

 

Environment

  • CBC Sensor: All versions
  • CBC Console: All versions
  • Windows: All versions

Resolution

If PowerShell is launched from the taskbar, it will appear as an event without the usual "invoked {some command here}" text.