Carbon Black Cloud: The "translate" arrow on the process analysis page does NOT decode the command when the "-EncodedCommand" operator is used, but it DOES when the /e or -e operators are used.

Environment

  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensor: All Windows versions

Cause

This is Console issue TR-6805.

Resolution

The issue is currently in Engineering (as of January 2023).

Additional Notes

Only the format "-EncodedCommandline" is problematic. The equivalent formats "/e" and "-e" decode properly.

Article Information

Creation Date: 01-09-2023