Endpoint Standard: Alert Only Shows the Hash of a Child Process

Article ID: 289548

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

The Observation for a childproc event assigned to an Alert ID does not contain a filename, command line, or PID; it displays only the SHA256 hash, process username, and file reputation.

Environment

  • Carbon Black Cloud Console: All Versions

Cause

This issue is currently under investigation by Carbon Black engineers and is understood to be a discrepancy in how the data is populated from the API.

Resolution

No workaround is available at this time.

Additional Information

If the process name for the unknown hash cannot be found elsewhere in the Console by searching the hash on the Investigate page, the hash can also be searched in VirusTotal, or another search engine, for identification.