EDR: Are the MD5s of scripts run by powershell and wscript captured?
Article ID: 289958
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Does the EDR sensor collect MD5 data of fileless script attacks executed through services like Wscript and Powershell?
Environment
- EDR Server: All versions (Formerly CB Response)
- EDR Sensor: 7.1 and lower
- Microsoft Windows: All supported versions
Resolution
No. Future sensor versions will have better visibility into command line executions
Feedback
Yes
No
Powered by
