Article Content
Article Number | 000026858 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: Investigation RSA Version/Condition: 10.6.x Platform: CentOS O/S Version: EL6 |
Issue | Why does an extracted file appear as *.raw.exe in RSA Security Analytics? |
Resolution | Extracting files from sessions via the RSA Security Analytics Investigation UI produces files with file name *.raw.exe, e.g. 33525512115-9-0.raw.exe. This is because raw.exe is a placeholder name for when an exe is identified within a session but no discernible filename is present. For instance, the data channel session of FTP would contain just the file transfer but not the file name (which would be in the control channel session). |
Legacy Article ID | a66555 |