EDR: How to enable filter for known modloads from the console
Article ID: 284834
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Configure filter for known modloads from the console to reduce load on EDR server having performance issues
Environment
- EDR
- Hosted EDR
- Mac: All supported versions
- Windows: All supported versions
Resolution
- Select "Sensors" from the menu pain
- Select sensor group settings by clicking the "Gear" next to sensor group
- Click "Advanced" tab
- Select "Filter Known Modloads" and save
Additional Information
Enabling this setting will filter out known modloads reducing the resource load on the EDR server
The setting is most important for Mac as they create the most noise.
The filter can be used in Windows environments generating heavy modload activity
This is a typical cause of an EDR and hosted EDR server crashing due to high CPU rendering it inaccessible at login
When searching the users guide use search term "modloads" for more information
The setting is most important for Mac as they create the most noise.
The filter can be used in Windows environments generating heavy modload activity
This is a typical cause of an EDR and hosted EDR server crashing due to high CPU rendering it inaccessible at login
When searching the users guide use search term "modloads" for more information
Feedback
Yes
No
Powered by
