|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics UI, Packet Decoder, Packet Hybrid, Packet AIO
RSA Version/Condition: 10.4.x, 10.5.x
O/S Version: EL6
|Issue||When files in SMB sessions are extracted from the Investigation, some appear to be incomplete or corrupted and have different hash values compare to the original files'.|
Some other files are complete and have the same hash values as the original.
The issue is noticed with the use of the latest native SMB, SMB flex or SMB LUA parsers.
|Cause||When an SMB session is processed and saved across multiple sessions by the Decoder, the Decoder does not extract the entire files from these sessions in response to a content call initiated by the Investigation. Hence some of the extracted files appear to be incomplete or corrupted.|
|Resolution||This issue is currently being investigated by the Engineering team in order to resolve it in a future release. If you are experiencing this issue, contact RSA Support and quote this article number for further assistance.|
|Workaround||There is no known workaround at present.|