EDR: Zombie processes created by sensor
search cancel

EDR: Zombie processes created by sensor

book

Article ID: 286201

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Zombie processes created by the cbdaemon process
root      916240       1  1 Apr14 ?        17:36:34 /usr/sbin/cbdaemon
root      916246  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>
root      916262  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>
root      916276  916240  0 Apr14 ?        00:00:00 [ECStateEngine] <defunct>

Environment

  • EDR (CB Response) Server: All Supported Versions
  • EDR Sensor: 7.1.0
  • Linux: All Supported Versions

Cause

VMware engineering team is aware of the issue and is investigating the cause. 

Resolution

This fix to this issue will be release in 7.2.0 sensor version. 

Additional Information


To check and verify for zombie processes are present, run the command below in terminal 
ps -ef | grep defunct

Output should look similar to:  
ps -ef | grep defunct 
root     3427391  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427401  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427421  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427430  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427442  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427475  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427493  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427526  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427547  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427594  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
root     3427613  916240  0 May24 ?        00:00:00 [ECStateEngine] <defunct>
Powered by Wolken Software