Carbon Black Cloud: FILE_SIGNATURE_STATE_SIGNED Query May Display Errant Results
search cancel

Carbon Black Cloud: FILE_SIGNATURE_STATE_SIGNED Query May Display Errant Results

book

Article ID: 292368

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

When searching events using FILE-SIGNATURE-STATE-SIGNED or FILE-SIGNATURE-STATE-UNSIGNED incorrect results will be returned

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard: 3.4.0+
  • Endpoint EDR: 3.4.0+

Cause

Known issue 

Resolution

  • The workaround is to use modload_publisher_state, filemod_publisher_state, or scriptload_publisher_state
  • This is being worked on with EA-16721 and will be updated once it is resolved
Powered by Wolken Software