logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Enterprise EDR: Process Analysis page is not showing correct parent process name for selected process

Enterprise EDR: Process Analysis page is not showing correct parent process name for selected process

Environment

  • Carbon Black Cloud
  • Enterprise EDR (Formerly Threat Hunter)
  • Carbon Black Cloud Sensor (v3.5+)

Symptoms

  • Process path showing at top of Process Analysis page does not match selected process.
  • Selecting process in process tree displays correct process path in panel on right of page.

Cause

  • Sensor incorrectly applying script replacement logic for processes resulting in Enterprise EDR reporting the process name incorrectly
    • Ex. Winword.exe opens doc1.docx, sensor then shows any further activity as being from doc1.docx

Resolution

Upgrade to 3.6+ sensor version

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎01-21-2021
Views:
370
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.