Ticket #740 (new defect)

Opened 9 years ago

Process names logged as UNKNOWN or <unknown> for numerous events

Reported by: SteveT Owned by: [email protected]
Priority: high Milestone:
Component: Capture Client Version: 2.5
Severity: major Keywords:
Cc:

Description

The process names for registry, file, and process events are sometimes recorded as <unknown> or UNKNOWN. The PID associated with the "UNKNOWN" processes are recorded as junk, like "4294967295". However the PID for the <unknown> processes are usually accurate. Please fix this because it completely throws off any analysis of the events.

Note: See TracTickets for help on using tickets.