logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Response: Are Windows process event cmdline values truncated?

CB Response: Are Windows process event cmdline values truncated?

Environment

  • CB Response Windows Sensor: 6.2.1 and older
  • Microsoft Windows: All supported versions

Question

How many characters of a Windows cmdline command will the CB Response sensor capture?

Answer

CB Response Windows sensor 6.2.1 and older:
  • 4096 characters
CB Response Windows sensor 6.2.2 and newer:
  • 32k characters, which is the Windows OS limit.

Additional Notes

For endpoints version 6.2.2 and above, there essentially is no limit. 

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
283
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.