Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000026858 - Why does an extracted file appear as *.raw.exe in RSA Security Analytics?

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Sep 27, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000026858
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Investigation RSA Version/Condition: 10.6.x Platform: CentOS O/S Version: EL6
Issue	Why does an extracted file appear as *.raw.exe in RSA Security Analytics?
Resolution	Extracting files from sessions via the RSA Security Analytics Investigation UI produces files with file name *.raw.exe, e.g. 33525512115-9-0.raw.exe. This is because raw.exe is a placeholder name for when an exe is identified within a session but no discernible filename is present. For instance, the data channel session of FTP would contain just the file transfer but not the file name (which would be in the control channel session).
Legacy Article ID	a66555

Attachments

Outcomes

0 Comments

Recommended Content