EDR: Watchlist alert directs to non-matching process
Article ID: 290099
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- The Process Analysis page of the event does not match the watchlist search
- The process document lists multiple different results with different processes
Environment
- EDR Server: All supported versions (Formerly CB Response)
- EDR Sensor: 6.x
Cause
A bug in handling duplicate pids for processes on the sensor - CB-18338
Resolution
Upgrade to sensor version 7.x or higher
Feedback
Yes
No
Powered by
