Carbon Black Cloud: Slow sensor performance with version 3.7.0.1253

Article ID: 285937

Products

  • Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • System slowness
  • System utilities (such as Task Manager, Explorer, etc.) take up to a minute to open
  • Placing the sensor in "BYPASS" mode fixes the slowness.

Environment

  • Carbon Black Cloud sensor: 3.7.0.1253
    • Endpoint Standard
    • Audit and Remediation
  • Microsoft Windows 10 x64 Professional 

Cause

The delays were caused by corruption in the native Microsoft Cryptographic Services database.

Resolution

  1. Stop the Cryptographic Services service
  2. Move the contents of "C:\Windows\System32\catroot2" to another location, keeping the files as a backup until the contents have rebuilt properly
  3. Restart the Cryptographic Services service
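
The three steps above as a script, run from an elevated PowerShell prompt. This is an added example, not part of the original article or vendor tooling; it assumes the service name `CryptSvc` for Cryptographic Services, and `C:\Temp\catroot2-backup` is a hypothetical backup location.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the three Resolution steps.
$ErrorActionPreference = 'Stop'

$CatRoot2   = Join-Path $env:SystemRoot 'System32\catroot2'
# Hypothetical backup location (assumption). Keeping it on the same volume
# as catroot2 makes each directory move a simple rename.
$BackupRoot = 'C:\Temp\catroot2-backup'
$BackupDir  = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')

# Step 1: stop Cryptographic Services and wait until it has fully stopped,
# otherwise the database files may still be locked.
$svc = Get-Service -Name CryptSvc
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name CryptSvc -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
}

try {
    # Step 2: move the contents (not the folder itself) to the backup location.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Get-ChildItem -LiteralPath $CatRoot2 -Force |
        Move-Item -Destination $BackupDir -Force
}
finally {
    # Step 3: restart the service even if the move failed partway,
    # so the endpoint is not left without Cryptographic Services.
    Start-Service -Name CryptSvc
}

# Check: service state, what was backed up, and what has been rebuilt so far.
Get-Service -Name CryptSvc | Select-Object Name, Status
Get-ChildItem -LiteralPath $BackupDir -Force | Select-Object Name, LastWriteTime
Get-ChildItem -LiteralPath $CatRoot2 -Force | Select-Object Name, LastWriteTime
```

Keep the timestamped backup folder until the contents of catroot2 have rebuilt properly.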

Additional Information

If the problem persists, try the following steps:
  1. Rebuild the search index on the device and purge old Windows 10 update files. To rebuild the search index:
    • Open the Indexing Options screen in Windows
    • Hit “Advanced” at the bottom
    • Select the “Rebuild” option in troubleshooting
  2. To flush the older Windows updates:
    • Open the Disk Cleanup Utility
    • Select the option in the bottom left to “Clean up System Files”
    • Wait for the information to populate
    • Select all options, then hit “OK”
    • Confirm the deletion of the files
    • Reboot the device once completed
  3. Apply Microsoft February 2021 patches – KB4598291 and KB4598299 (related to ESENT 642 event log warnings)
  4. If none of the above resolves the issue, collect a full memory dump, a Process Monitor capture and a WPR trace while reproducing the issue, and open a case with Support.