EDR: Sensor Showing Excessive Event Loss
Article ID: 285964
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
Why do several of my sensors show excessive event loss, but when I refresh the console they show Health 100/100
Environment
- EDR Sensor: All Versions
- Windows: All Supported
Resolution
- The sensor drivers load much sooner than the user mode service
- This leaves the user mode service playing catch to the events that the driver has generated
- Once the service has caught up on events the health will change to the more correct level
Feedback
Yes
No
Powered by
