EDR: Unexpected Results When Query Contains Original_Filename
Article ID: 288272
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
When executing a process search using original_filename and the filename contains a number before the period it will return incorrect results
Environment
- EDR Server: All Supported
Cause
This issue is caused by the way that the solr database handles the value for original_filename
Resolution
Placing the value REGSVR32.EXE in quotes will provide more correct results
Example:
Example:
original_filename:"REGSVR32.EXE"
Feedback
Yes
No
Powered by
