Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

CB Threat Hunter Console: Current Version
CB Threat Hunter Sensor: 3.4.x

Question

Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Answer

Having (Unknown) listed in the "REGMODS", "FILEMODS", "NETCONNS", "MODLOADS", and "CHILDPROCS" are typically caused by viewing event data from devices on sensor versions below 3.4 in the Threat Hunter investigation page.
Upgrading the sensor to version 3.4.x should correct the issue.

Additional Notes

If the issue persists, please contact support.

Knowledge Base

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Endpoint Standard

Knowledge Base

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Endpoint Standard

Thank you for your feedback.

Thank you for your feedback.