logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Enterprise EDR: Process Analysis page is not showing correct parent process name for selected process

Enterprise EDR: Process Analysis page is not showing correct parent process name for selected process

Environment

  • Carbon Black Cloud
  • Enterprise EDR (Formerly Threat Hunter)
  • Carbon Black Cloud Sensor (v3.5+)

Symptoms

  • Process path showing at top of Process Analysis page does not match selected process.
  • Selecting process in process tree displays correct process path in panel on right of page.

Cause

  • Sensor incorrectly applying script replacement logic for processes resulting in Enterprise EDR reporting the process name incorrectly
    • Ex. Winword.exe opens doc1.docx, sensor then shows any further activity as being from doc1.docx

Resolution

Upgrade to 3.6+ sensor version

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎01-21-2021
Views:
308
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.