EDR: Does the Windows sensor capture netconns when running a process that has embedded shell code?

Article ID: 289147

Products

Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Does the Windows sensor capture netconns when running a process that has embedded shell code?

Environment

  • EDR Server: All Versions
  • EDR Windows Sensor: 7.2.x and lower
  • Windows OS: All Supported Versions

Resolution

Starting with the 7.3.0-win sensor, this netconn communication is collected again and is available in the EDR UI console.

Additional Information

In version 7.2.0-win and lower, the netconns related to a process that has embedded shell code were more obvious in the UI; however, the behavior was changed in the 7.2.x branches to capture only established netconns. A request was made to bring this additional visibility back; it was improved in 7.2.2-win and fully restored in 7.3.0-win.