File Metadata Contains Unicode Characters
Article ID: 368956
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Files in the Console are showing unexpected, or Unicode Characters in fields for Product Name, Company, or Publisher. Example:
- Product Name: [IEqqr][Μΐ¢řōśòƒτ (Ř) Ẁîʼnđŏωş (Ґ) Òφėřäťîηğ Ѕўśτęм !!! !!! !!! ]
- Publisher or Company: [GLg3l][Μį¢řοѕôƒτ Ćόѓφόřâтîбπ !!! !]
Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
Cause
The endpoint (where these files were first discovered) did not have the relevant Language Pack installed. The Server will group the associated antibodies together under the same Product Name, Publisher or Company.
Resolution
By design there is no method for updating or changing a Product Name, Publisher or Company for the file's data in the App Control Database.
Additional Information
The following steps can be used to locate the relevant files, based on the article's Product Name example:
- Run SQL Server Management Studio as the Carbon Black Service Account
- Use the following query:
USE das;
SELECT TOP 20
HM.hostname, HM.deleted, FC.First_Created, FC.Sha256, FC.First_Seen_Path, FC.First_Seen_Name, FC.Product_Name, FC.Publisher, FC.Company, FC.Publisher_or_Company
FROM bit9_public.ExFileCatalog FC (nolock)
LEFT JOIN
dbo.hostmain HM (nolock)
ON
HM.host_id = FC.First_Seen_Computer_id
WHERE
FC.Publisher_or_Company like '%GLg3l%'
--FC.Product_Name like '%Eqqr%' --Use the Product Name instead of Publisher
AND FC.Prevalence > 0 --Files still exist
AND HM.deleted = 0 --Endpoint still active - Locate the file on the endpoint (example, Windows machine).
- Right click the file > Properties > Details tab.
- Compare the File Details in Windows against the details in the database. Example:
Feedback
Yes
No
Powered by
