Troubleshooting Agent/Server Backlog
Article ID: 286122
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Troubleshooting Agent and Server backlog
Environment
- App Control Server: All Supported Versions
Cause
Agent/Server backlog increases when there is an influx of file activity such as Windows Patching, OS upgrades, or other software deployments.
Resolution
- Verify the App Control Server is upgraded to the latest version.
- Use VMware Docs to verify the App Control Server is meeting:
- OER: Server Documentation > relevant version > Server Operating Environment Requirements.
- Disk Speed: Server Documentation > relevant version > SQL Server Configuration Guide > Validating Storage Performance
- Not meeting the OER (especially required disk thruput can cause unexpected backlog)
- Common Performance Pitfalls
- SQL Storage Requirements
- Architecture by Endpoint Count
- Consider creating an ABExclusion for PowerShell temporary files and events
- Consider creating an ABExclusion for .NET activity.
- Consider discarding information about Locally Approved support files at the Agent.
- Microsoft files may account for more than half (or more) of all of the files in the Windows environment.
- Audit for Custom Rules/Rapid Configs that are potentially triggering or generating Events more frequently than necessary.
If the issue persists, open a case with Support and provide the Database Logs For Performance Issues.
Feedback
Yes
No
Powered by
