Carbon Black Cloud: Pagefile grows when 3.4.0.1097 or higher sensor is installed
book
Article ID: 285050
calendar_today
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Show More
Show Less
Issue/Introduction
Pagefile.sys is seen to increase in size when 3.5.0.X and Higher sensor is installed
Environment
Carbon Black Cloud Sensor: 3.4.0.1097 and Higher Versions. Microsoft Windows: All Supported Versions
Cause
The 3.5.0.X sensor has the identified issue of changing memory dump type from 'Automatic' to 'Complete' memory dump ().
Resolution
Option 1:
Put the sensor into Bypass mode Edit C:\Program Files\Confer\cfg.ini file Add the following
ConfigureMemoryDumpSettings=0
Change system dump settings to default (automatic memory dump)
Go to Advanced System Settings > Advanced > Startup & Recovery >Settings > Write Debug Info Set to value to "Automatic" Click OK
Reboot the endpoint to confirm memory dump settings are still set to automatic and that the disk space has been reclaimed.
Option 2:
On install of sensor 3.5.0.1680 maintenance release or newer where the ability to configure this via a command line install is available.
msiexec /q /i C:\xxxxx\installer_vista_win7_win8- 32-3.5.0.xxxx.msi /L* log.txt COMPANY_CODE=XYZ AUTO_CONFIG_MEM_DUMP=0
Additional Information
If the memory dump is set to complete, the OS has to allocate enough space in the pagefile to store the entire contents of memory which is 1 x RAM plus 275 MB
Feedback
thumb_up
Yes
thumb_down
No