000032411 - Extracting files from SMB2 sessions results in incomplete files in RSA Security Analytics 10.x.

Document created by RSA Customer Support Employee on Jun 30, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000032411

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Packet Decoder, Packet Hybrid, Packet AIO
RSA Version/Condition: 10.3.x, 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6

Issue: When files are extracted from SMB2 sessions in Security Analytics Investigation, some files are found to be incomplete.

Cause: The problem is due to the decoder service not processing the previous response data when the current buffer contains new requests.

Resolution: The issue is currently under investigation by RSA and the fix is targeted to be included in 10.6.0.2, which is tentatively scheduled to be released by Q1 2016.
