EDR: the cmdline of a suppressed childproc is not visible on the process analysis page
Article ID: 290664
Products
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
When viewing the process analysis page that contains suppressed child processes, clicking on the childproc within the process tree graph does not update the cmdline information of the suppressed childproc.
Environment
EDR Server: All Versions
Suppression: Enabled in sensor groups
Cause
This is due to an issue with the product.
Resolution
This will be fixed in a future release of the EDR Server, currently scheduled for version 7.5.0. Once we have a target release date, this article will be updated.
As a workaround, to view the suppressed childproc's cmdline, navigate to the childproc event on the same page and expand the event. The data is there; this is purely a UI issue.