Carbon Black Cloud: Process Type Counts do not match in the Investigate and Process Analysis Pages

search cancel

Carbon Black Cloud: Process Type Counts do not match in the Investigate and Process Analysis Pages

book

Article ID: 291997

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Process type counts (REGMOD,FILEMOD,NETCONN,MODLOAD,CHILDPROC, CRFOSSPROC, SCRIPTLOAD) do not match in the Investigate and Process Analysis Pages

Example

PROCESS c:\filepath\filename.exe

Investigate Page
REGMODS 0
FILEMODS 7
NETCONNS 4518
MODLOADS 120
CHILDPROCS 0
CROSSPROC (not displayed)

Process Analysis Page
REGMODS 2
FILEMODS 2,082
NETCONNS 175,936
MODLOADS 160
CHILDPROCS (not displayed)
CROSSPROC 8

Environment

Carbon Black Cloud Console: All Versions

Endpoint Standard (was CB Defense)
Enterprise EDR (was CB ThreatHunter)
Audit and Remediation (was CB LiveOps)
Managed Detection (was CB ThreatSight)

Resolution

This is currently a known issue. This KB will be updated when more information and/or a fix is available.

Feedback

thumb_up Yes

thumb_down No