logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: The Auth Events Remote Device Name is the Name of the Local Device

Carbon Black Cloud: The Auth Events Remote Device Name is the Name of the Local Device

Environment

  • Carbon Black Cloud: All Supported Sensors
  • Microsoft Windows: Windows 10 and 11

Symptoms

The "Remote Device" value in the Auth Events being populated by the local computer name

Cause

The sensor is populating this from information provided by the OS Event ID 4624 which is displaying the incorrect value

Resolution

  • Per this article the "Workstation Name" should be populated by the machine name from which a logon attempt was performed
  • For an unknown reason Windows may populate this value with the local machine name instead
  • No known resolution at this time please reach out to Microsoft if additional information is needed

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-21-2024
Views:
65
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.