Performance Issues With VM, Database, and Other Large Files on Agent 8.8 or Higher

search cancel

Performance Issues With VM, Database, and Other Large Files on Agent 8.8 or Higher

book

Article ID: 286748

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

High resource usage or performance degradation due to parity.exe reading large files.

May experience Windows "File In Use" messages, similar to:

The action can't be completed because the file is open in Carbon Black App Control Agent

Environment

App Control Agent: 8.8.0 and Higher
App Control Console: All Supported Versions
Microsoft Windows: All Supported Versions

Cause

As of the 8.8.0 Agent, Yara scans now occur on large files. Performance issues may be encountered on large files (such as vmdk, vhd, etc) during this analysis.

Resolution

Depending on the application encountering this issue, the solution may vary:

SQL Server and related files: follow SQL Server Performance Issues with Agent Installed.
Files that never execute: Create a Performance Optimization Rule.

If the files are executable, or if the issue persists: collect the Agent Performance Logs and open a case with Support.

Additional Information

Windows Agent version 8.10.2 (estimated late 2025) will introduce two new Configuration Properties to assist in mitigating this issue.
- yara_analysis_timeout_secs
- yara_ignore_patterns

Feedback

thumb_up Yes

thumb_down No