Environment
Carbon Black Cloud Console: All Versions
- Endpoint Standard (was CB Defense)
- Enterprise EDR (was CB ThreatHunter)
- Audit and Remediation (was CB LiveOps)
- Managed Detection (was CB ThreatSight)
Symptoms
- Process type counts (REGMOD,FILEMOD,NETCONN,MODLOAD,CHILDPROC, CRFOSSPROC, SCRIPTLOAD) do not match in the Investigate and Process Analysis Pages
- Example
PROCESS c:\filepath\filename.exe
Investigate Page
REGMODS 0
FILEMODS 7
NETCONNS 4518
MODLOADS 120
CHILDPROCS 0
CROSSPROC (not displayed)
Process Analysis Page
REGMODS 2
FILEMODS 2,082
NETCONNS 175,936
MODLOADS 160
CHILDPROCS (not displayed)
CROSSPROC 8
Resolution
This is currently a known issue. This KB will be updated when more information and/or a fix is available.
Related Content