EDR: AV Exclusion Directories for Cluster Servers
search cancel

EDR: AV Exclusion Directories for Cluster Servers


Article ID: 286301


Updated On:


Carbon Black EDR (formerly Cb Response)


What path should be excluded from anti-virus (AV) applications running on EDR Servers?


  • EDR server: All versions


Exclude the data directories on EDR servers (primary and secondary nodes in a cluster). To confirm the directory run this command in terminal:
grep DatastoreRootDir /etc/cb/cb.conf
 Default directory:

Additional Information

  • Make sure to use the directory set in cb.conf. At cbinit the data directory might have been changed
  • Exclusions are necessary to avoid degradation in performance
  • Exclusions also avoid corruption of the Postgres and Solr databases
  • If performance degradation is seen in the environment, disabling the AV application should be the first attempt in troubleshooting