Environment
Symptoms
Example:
The following query does not return any results
fileless_scriptload_cmdline:Net.WebClient
To get the results the following will work
fileless_scriptload_cmdline:*Net.WebClient*
NOTE:
For the successful query to work disable the feature "Block Searches with Leading Wildcards" in settings->Advanced Settings
Cause
fileless_scriptload_cmdline field is not Tokenized
Resolution
This issue is resolved with EDR Server build 7.7.0
Additional Notes
Related Content