Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: TTP AMSI_PROCESS_INJECTION not shown in Alerts Page

Carbon Black Cloud: TTP AMSI_PROCESS_INJECTION not shown in Alerts Page

Environment

  • Carbon Black Cloud Console: All supported versions
  • Carbon Black Cloud Windows Sensor: 3.6 and Higher
  • Microsoft Windows 10 1703 and Higher
  • Microsoft Windows Server 2016: Version 1709 and Higher

Symptoms

TTP AMSI_PROCESS_INJECTION is not shown in Alerts Page but can be seen in related events in Investigate Page.

Cause

Data resource is not all the same for Alerts Page and Investigate Page, which caused the difference in TTP presenting.

Resolution

It is working as the current design, and will be improved by new design in future release.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎01-09-2022
Views:
449
Contributors