EDR: AV Exclusion Directories for Cluster Servers

Article ID: 286301

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What path should be excluded from anti-virus (AV) applications running on EDR Servers?

Environment

  • EDR server: All versions

Resolution

Exclude the data directories on EDR servers (primary and secondary nodes in a cluster). To confirm the directory, run this command in a terminal:

grep DatastoreRootDir /etc/cb/cb.conf

Default directory:

/var/cb/data

Additional Information

  • Make sure to use the directory set in cb.conf; the data directory might have been changed at cbinit
  • Exclusions are necessary to avoid degradation in performance
  • Exclusions also avoid corruption of the Postgres and Solr databases
  • If performance degradation is seen in the environment, disabling the AV application should be the first troubleshooting step
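
The lookup from the Resolution section, written as a function that can be run on each cluster node to get the path to exclude. This is an added example, not part of the original article or the product; it assumes cb.conf uses KEY=VALUE lines with `#` comments and that the last uncommented setting wins. The function name `resolve_datastore_dir` and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: resolve the EDR data directory that AV should exclude.
# Assumptions (not from the article): cb.conf uses KEY=VALUE lines,
# '#' starts a comment, and the last uncommented setting wins.

DEFAULT_DATA_DIR=/var/cb/data   # default directory named in the article

# resolve_datastore_dir [CONF_FILE]
# Prints the configured DatastoreRootDir, or the default when the key is
# absent, commented out, or the file cannot be read.
resolve_datastore_dir() {
    conf=${1:-/etc/cb/cb.conf}
    dir=
    if [ -r "$conf" ]; then
        dir=$(awk -F= '
            /^[ \t]*#/ { next }                   # a plain grep would match these
            index($0, "=") == 0 { next }          # not a KEY=VALUE line
            {
                key = $1
                gsub(/[ \t\r]/, "", key)
                if (key != "DatastoreRootDir") next
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val)           # trim leading blanks
                sub(/[ \t\r]+$/, "", val)         # trim trailing blanks and CR
                found = val
            }
            END { print found }
        ' "$conf")
    fi
    printf '%s\n' "${dir:-$DEFAULT_DATA_DIR}"
}

# Constructed sample (not a real cb.conf): the default is commented out
# and the data directory was relocated.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# DatastoreRootDir=/var/cb/data
DatastoreRootDir=/data/cb
EOF
echo "Exclude from AV: $(resolve_datastore_dir "$sample")"
rm -f "$sample"
```

Called with no argument, the function reads /etc/cb/cb.conf on the node where it runs.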