
CB Response: Are Windows process event cmdline values truncated?

Environment

  • CB Response Windows Sensor: 6.2.1 and older
  • Microsoft Windows: All supported versions

Question

How many characters of a Windows cmdline command will the CB Response sensor capture?

Answer

CB Response Windows sensor 6.2.1 and older:
  • 4096 characters
CB Response Windows sensor 6.2.2 and newer:
  • 32k characters, which is the Windows OS limit.

Additional Notes

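On endpoints running sensor version 6.2.2 and above there is essentially no limit, because the sensor captures up to the maximum command-line length that Windows allows.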
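
An added example (not VMware Carbon Black code): a triage helper for exported process events that flags records whose command line fills the 4096-character cap on sensors 6.2.1 and older, so an analyst knows the tail may be missing. The event field names (`hostname`, `sensor_version`, `cmdline`) and the sample events are assumptions constructed for illustration.

```python
import re

OLD_SENSOR_CAP = 4096            # characters kept by sensor 6.2.1 and older (per the article)
LAST_CAPPED_VERSION = (6, 2, 1)  # newest sensor version with the 4096-character cap

def parse_version(text):
    """Return the first three numeric components of a version string as a tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def possibly_truncated(event):
    """True when a capped sensor recorded a cmdline that fills the whole cap."""
    capped = parse_version(event["sensor_version"]) <= LAST_CAPPED_VERSION
    return capped and len(event["cmdline"]) >= OLD_SENSOR_CAP

def triage(events):
    """Return (events whose cmdline tail may be missing, hosts running capped sensors)."""
    suspect = [e for e in events if possibly_truncated(e)]
    capped_hosts = sorted({e["hostname"] for e in events
                           if parse_version(e["sensor_version"]) <= LAST_CAPPED_VERSION})
    return suspect, capped_hosts

# Constructed sample events; field names are assumptions, not a CB Response schema.
LONG = "app.exe --data " + "A" * 5000
SAMPLE_EVENTS = [
    {"hostname": "ws-01", "sensor_version": "6.2.1", "cmdline": LONG[:OLD_SENSOR_CAP]},
    {"hostname": "ws-02", "sensor_version": "6.2.2", "cmdline": LONG},
    {"hostname": "ws-03", "sensor_version": "6.1.9", "cmdline": "app.exe --help"},
]

if __name__ == "__main__":
    suspect, capped_hosts = triage(SAMPLE_EVENTS)
    for e in suspect:
        print(f"{e['hostname']}: cmdline is {len(e['cmdline'])} chars, tail may be missing")
    print("hosts on capped sensors:", ", ".join(capped_hosts))
```

A watchlist or query that matches on text late in a long command line cannot match events flagged here, so those records need review by other fields until the sensor is upgraded.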

Article Information
Creation Date: 09-09-2020