EDR: Zombie processes created by sensor
search cancel

EDR: Zombie processes created by sensor

book

Article ID: 286201

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Zombie processes created by the cbdaemon process
root      916240       1  1 Apr14 ?        17:36:34 /usr/sbin/cbdaemon
root      916246  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>
root      916262  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>
root      916276  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>

Environment

  • EDR (CB Response) Server: All Supported Versions
  • EDR Sensor: 7.1.0
  • Linux: All Supported Versions

Cause

VMware engineering team is aware of the issue and is investigating the cause.

Resolution

Fix to this issue will be released in 7.2.0+ sensor version. 

Additional Information


To check and verify for zombie processes are present, run the command below in terminal 
ps -ef | grep defunct

Output should look similar to:  
ps -ef | grep defunct 
root     3427391  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427401  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427421  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427430  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427442  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427475  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427493  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427526  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427547  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427594  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427613  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
Powered by Wolken Software