EDR: MD5 hash for filemod actions that modify a file signature are not shown in console
search cancel

EDR: MD5 hash for filemod actions that modify a file signature are not shown in console

book

Article ID: 289177

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When modifying the signature of a file, by modifying the number or compiling it, a special filemod action should be generated by the sensor and sent to the server. The server fails to render this MD5 in the UI, even though it seems to be present in Solr database.

Environment

  • EDR Server: 7.6.0-svr and 7.6.1-svr
  • Linux OS: All Supported Versions

Cause

EDR Server event processing could not properly handle filemod actions that had associated MD5s in all situations.

Resolution

Issue was resolved in CB-37555 and upgrading to 7.6.2-svr will fix the behavior.
Powered by Wolken Software