Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Process Type Counts do not match in the Investigate and Process Analysis Pages

Carbon Black Cloud: Process Type Counts do not match in the Investigate and Process Analysis Pages

Environment

Carbon Black Cloud Console: All Versions
  • Endpoint Standard (was CB Defense)
  • Enterprise EDR (was CB ThreatHunter)
  • Audit and Remediation (was CB LiveOps)
  • Managed Detection (was CB ThreatSight)

Symptoms

  • Process type counts (REGMOD,FILEMOD,NETCONN,MODLOAD,CHILDPROC, CRFOSSPROC, SCRIPTLOAD) do not match in the Investigate and Process Analysis Pages
  • Example 
    PROCESS c:\filepath\filename.exe
    
    Investigate Page
    REGMODS 0
    FILEMODS 7
    NETCONNS 4518
    MODLOADS 120
    CHILDPROCS 0
    CROSSPROC (not displayed)
    
    Process Analysis Page
    REGMODS 2
    FILEMODS 2,082
    NETCONNS 175,936
    MODLOADS 160
    CHILDPROCS (not displayed)
    CROSSPROC 8

Resolution

This is currently a known issue. This KB will be updated when more information and/or a fix is available.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎10-05-2020
Views:
370
Contributors