Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR Sensor: Version 7.3.0 and Higher

Objective

How to locate named pipes for file creation events.

Resolution

In the Console -> Process Search page, search recently executed processes for 'NamedPipeServer.exe' and/or 'NamedPipeClient.exe'
Click on the process name and navigate to the Process Analysis page
Locate the filemod create event for namedpipe under the 'NamedPipeServer.exe' entry (pipe name is : \device\namedpipe\cbnamedpipe)

Additional Notes

The 7.3.0 EDR Sensor has been updated to report named pipes for file creation events.

Related Content

https://docs.vmware.com/en/VMware-Carbon-Black-EDR/7.3.0/rn/vmware-carbon-black-edr-windows-sensor-7...
Reference 'Resolved Issues' in Release Notes- CB-34725: Updated sensor to report named pipes for file create events

Article Information

Author:

Creation Date:

‎04-27-2022

Views:

1161

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.