Environment
- EDR Server: 7.5.x
Symptoms
- 400 HTTP Error received when attempting to add a watchlist with either '=' or '%' symbols in the watchlist. This primarily occurs on the Watchlists UI page.
- Error observed in UI:
Cause
- Defect causes error during URL encoding, which can cause the error below which can be observed when looking at a .har file of the upload/save attempt.
"The query_string contains a bare '%' which should be '%25'"
Resolution
- This is a current defect and will be addressed in a future version of EDR.
- To workaround the issue:
- Go to the Process Search page in the EDR UI.
- Search for the Query that's needed to become a watchlist.
- Click the 'Create Watchlist' button on the right side of the UI.
- Fill in the appropriate details and save.
- Note: If any edits need to be done to the watchlist after addition, removal of the watchlist and adding it back in per the steps above will be required until the defect is fixed in an upcoming EDR release.
Thank you for your feedback.
Your feedback has been submitted and will be reviewed.