Troubleshooting Agent/Server Backlog
Article ID: 286122
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Troubleshooting steps to take when Agent and/or Server Backlog is consistently above the Threshold.
Environment
- App Control Server: All Supported Versions
Cause
Agent/Server backlog increases when there is an influx of file activity such as Windows Patching, OS upgrades, or other software deployments.
Resolution
|
Reminder: Some Backlog is expected, as Agents will always generate File and Event data for the Server to process. These steps should be taken when Backlog is consistently above the Threshold. |
- Verify the App Control Server is upgraded to the latest version.
- Use Tech Docs to verify the App Control Server is meeting:
- OER: Server Documentation > relevant version > Server Operating Environment Requirements.
- Disk Speed: Server Documentation > relevant version > SQL Server Configuration Guide > Validating Storage Performance
- Not meeting the OER (especially required disk thruput can cause unexpected backlog)
- Common Performance Pitfalls
- SQL Storage Requirements
- Architecture by Endpoint Count
- Consider creating an ABExclusion for PowerShell temporary files and events
- Consider creating an ABExclusion for .NET activity.
- Consider discarding information about Locally Approved support files at the Agent.
- Microsoft files may account for more than half (or more) of all of the files in the Windows environment.
- Check for any Drift Reports (Reports > Baseline Drift > Reports) that are no longer needed, and Disable accordingly.
- Audit for Custom Rules/Rapid Configs that are potentially triggering or generating Events more frequently than necessary.
Feedback
Yes
No
Powered by
