CB Response: Searching for unicode symbols in the cmdline field returns wrong results

CB Response: Searching for unicode symbols in the cmdline field returns wrong results

search cancel

CB Response: Searching for unicode symbols in the cmdline field returns wrong results

book

Article ID: 290208

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Search results are not consistent with the unicode commandline arguments used in search and present in the actual event

Environment

CB Response Server: All Versions
Linux: All Supported Versions

Cause

Search for unicode symbols in the cmdline field is not currently supported and can cause logic issues

Resolution

As a workaround, search for the symbol using the unicode code instead of the character
- Ex. 小 would be \u5c0f

Feedback

thumb_up Yes

thumb_down No