App Control: <CmdlineAnyArgument>: Macro Fails When Using Multiple Arguments

Environment

  • App Control Console: All Supported Versions
  • Microsoft Windows: All Supported Versions

Symptoms

When using the <CmdLineAnyArgument:X> macro with multiple arguments in a custom rule process, the rule does not tag the matching events correctly.

Cause

The <CmdLineAnyArgument:X> macro is applied to each token of the command line separately. Because of the space between multiple arguments, the value of X has to match against two tokens, so no single token satisfies it.

Resolution

Use the <CmdLine:X> macro, which supports multiple arguments in the same command line value.

Additional Notes

  • An additional investigation is being launched into the usage of the <CmdLineAnyArgument:X> macro to validate and fix this issue. No update available at this time.
  • Example of using the <CmdLine:X> macro because there are multiple arguments:
    <OnlyIf:Bit9Version:Atleast:8.0.0.0><CmdLine:Get-WinEvent -LogName>cmd.exe
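The following is an added example, not Carbon Black code: a simplified model of the two macros plus a check that finds rule strings whose <CmdLineAnyArgument:X> value contains a space, so they can be rewritten before they silently fail to tag events. The whitespace tokenizer, the case-insensitive substring matching, the sample command line and all function names are assumptions; only the <CmdLine:...> rule string comes from this article.

```python
import re

# Finds <CmdLineAnyArgument:X> inside a rule's process string.
ANY_ARG = re.compile(r"<CmdLineAnyArgument:([^>]*)>", re.IGNORECASE)

# Rule string from the article, and a constructed variant using the failing macro.
PAGE_RULE = "<OnlyIf:Bit9Version:Atleast:8.0.0.0><CmdLine:Get-WinEvent -LogName>cmd.exe"
BROKEN_RULE = PAGE_RULE.replace("<CmdLine:", "<CmdLineAnyArgument:")
# Constructed sample command line.
SAMPLE = "cmd.exe /c powershell.exe Get-WinEvent -LogName Security"

def tokens(cmdline):
    """Assumed tokenizer: split on whitespace, keep double-quoted runs whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def any_argument_matches(pattern, cmdline):
    """Per-token model: the whole pattern must be found inside ONE token."""
    p = pattern.lower()
    return any(p in t.lower() for t in tokens(cmdline))

def cmdline_matches(pattern, cmdline):
    """Whole-command-line model: the pattern may span several arguments."""
    return pattern.lower() in cmdline.lower()

def lint_rule(rule):
    """Return (flagged_values, suggested_rule) for one rule string."""
    flagged = []

    def fix(match):
        value = match.group(1)
        if re.search(r"\s", value.strip()):   # value spans more than one token
            flagged.append(value)
            return "<CmdLine:%s>" % value     # resolution given in the article
        return match.group(0)                 # single-token value: leave as is

    suggested = ANY_ARG.sub(fix, rule)
    return flagged, suggested

if __name__ == "__main__":
    pattern = "Get-WinEvent -LogName"
    print("tokens:          ", tokens(SAMPLE))
    print("per-token match: ", any_argument_matches(pattern, SAMPLE))
    print("whole-line match:", cmdline_matches(pattern, SAMPLE))
    for rule in (BROKEN_RULE, PAGE_RULE):
        flagged, suggested = lint_rule(rule)
        print("FLAG" if flagged else "ok  ", rule)
        if flagged:
            print("  suggest:", suggested)
```

Run `lint_rule` over each custom rule's process string taken from the console; any flagged value is a rule that should be reviewed and moved to <CmdLine:X>.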

Article Information

Creation Date: 02-21-2019