Environment
- Carbon Black Response Server: All Versions
- Carbon Black Event Forwarder: All Versions
Question
Why do Procend or Procstarts still send from cb-event-forwarder when disabled?
Answer
When Procend or Procstart is disabled in the cb-event-forwarder the disabled both events will still send. These event use the alias "process" at the ingress of the events.
Related Content
