CB Defense: Why does the path in the command line field not match what is listed in the event?

Environment

  • CB Defense Console: Current Version
  • CB Defense Sensor: 2.x and Higher

Question

Why does the path in the command line field not match what is listed in the event?

Answer

The sensor may be reporting the absolute path, which for mapped drives tends to be the share path, whereas the command line used by the program may reference the mapped drive directly.

Additional Notes

  • Commandline arguments may differ depending on how a share was mapped to the system and at what point in the path it was mapped.
  • Example:
    • What the sensor sees and displays in the event data:
      • \\Company\Share\For\Data\important.csv
    • What could be displayed as part of the "Commandline":
      • For a drive mapped at \\Company\Share:
        • Z:\For\Data\important.csv
      • For a drive mapped at \\Company\Share\For\:
        • Z:\Data\important.csv
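
When correlating an event's path with its command line during triage, the drive-letter form can be resolved back to the share path before comparing. The following is an added example, not part of the original article or of the product: the mapping tables are constructed from the two cases above (on a real host they would have to be collected separately), the function names are hypothetical, and the command-line tokenizer is deliberately simple.

```python
import ntpath
import re

# Constructed mapping tables for the article's two cases (assumed input).
MAP_AT_SHARE = {"Z:": r"\\Company\Share"}
MAP_AT_FOR = {"Z:": "\\\\Company\\Share\\For\\"}

# Simplified tokenizer: a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def to_unc(path, mappings):
    """Rewrite a drive-letter path to its share path using the mapping table.

    Paths that are already share paths, or whose drive letter is not in the
    table (local disks, unknown mappings), are normalized but left unresolved.
    """
    drive, rest = ntpath.splitdrive(path)
    lookup = {k.upper(): v for k, v in mappings.items()}
    root = lookup.get(drive.upper())
    if root is None:
        return ntpath.normpath(path)
    # Strip separators on both sides so a mapping that ends in a backslash
    # does not produce a doubled separator.
    return ntpath.normpath(root.rstrip("\\/") + "\\" + rest.lstrip("\\/"))


def same_file(event_path, cmdline_path, mappings):
    """True when both strings name the same file once mappings are resolved."""
    a = ntpath.normcase(to_unc(event_path, mappings))
    b = ntpath.normcase(to_unc(cmdline_path, mappings))
    return a == b


def cmdline_references(event_path, cmdline, mappings):
    """True when any argument of the command line resolves to the event path."""
    tokens = (quoted or bare for quoted, bare in TOKEN.findall(cmdline))
    return any(same_file(event_path, t, mappings) for t in tokens)
```

A comparison that fails with one mapping table and succeeds with another indicates that the share was mapped at a different point in the path, which is the second case in the list above.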

Article Information
Creation Date: 03-07-2019