Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black filemod event from /tmp missing the root '/' character on OS X Sensors

Carbon Black filemod event from /tmp missing the root '/' character on OS X Sensors

Version
This solution applies to Carbon Black OS X Sensor versions earlier than v5.1.


Issue

Carbon Black filemod event from /tmp missing the root '/' character on OS X Sensors.

 

Symptoms

For example while investigating a filemod event for the file "/tmp/test.txt", a filemod event would appear as (note the missing '/' character in the beginning of the path):

private/tmp/test.txt


Cause
The file system uses a symlink for the /tmp directory to /private/tmp.

Solution

None. A fix is planned for v5.1 of the OS X Sensor. Refer to defect OSX-185 in future release notifications.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-11-2015
Views:
577
Contributors