Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032411 - Extracting files from SMB2 sessions results in incomplete files in RSA Security Analytics 10.x.

Document created by RSA Customer Support

on Jun 30, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032411
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Security Analytics UI, Packet Decoder, Packet Hybrid, Packet AIO RSA Version/Condition: 10.3.x, 10.4.x, 10.5.x Platform: CentOS O/S Version: EL6
Issue	When files are extracted from SMB2 sessions in Security Analytics Investigation, some files are found to be incomplete.
Cause	The problem is due to the decoder service not processing the previous response data when the current buffer contains new requests.
Resolution	The issue is currently under investigation by RSA and the fix is targeted to be included in 10.6.0.2 which is tentatively scheduled to be released by Q1 2016.

Attachments

Outcomes

0 Comments

Recommended Content