Rebuild the Agent Cache After Corruption

Article ID: 286773

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • The Agent's cache.db file has grown to several GBs in size
  • Files that have been Approved in the past are now being blocked
  • Errors.bt9 file shows frequent and persistent messages similar to the below:
    • Error[database disk image is malformed]
    • Error[HandleCorruptDB: Warning: Agent database appears to be corrupt
    • Error[ValidateConfigListFile Error[Magic mismatch[xxxx] Expected[yyyy]]]
    • Error[CacheDatabase: Database did not pass integrity check]
  • Cache_invalid.bt9 files located in the Agent Data directory.
  • Events with subtype "Agent database error" may show up in the Console.
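
A triage check for the local symptoms listed above, run before deleting the cache. This is an added example, not Carbon Black tooling. It assumes Errors.bt9 can be read as text lines, and the 2 GiB size limit, the 3-hit threshold, the function names and the sample log lines are all assumptions made for the example.

```python
import re
import sys
from pathlib import Path

# Error strings quoted in the symptom list above, as patterns.
SIGNATURES = {
    "malformed": re.compile(r"database disk image is malformed"),
    "corrupt": re.compile(r"HandleCorruptDB: Warning: Agent database appears to be corrupt"),
    "magic": re.compile(r"ValidateConfigListFile Error\[Magic mismatch\[[^\]]*\] Expected\[[^\]]*\]"),
    "integrity": re.compile(r"CacheDatabase: Database did not pass integrity check"),
}
SIZE_LIMIT = 2 * 1024**3  # assumption: "several GBs" taken as 2 GiB or more
MIN_HITS = 3              # assumption: "frequent and persistent" taken as 3+ lines

# Constructed sample lines; the timestamp prefix is invented for this example.
SAMPLE_LOG = [
    "2024-01-01 10:00:01 Error[database disk image is malformed]",
    "2024-01-01 10:00:05 Error[database disk image is malformed]",
    "2024-01-01 10:00:09 Error[database disk image is malformed]",
    "2024-01-01 10:00:10 Error[CacheDatabase: Database did not pass integrity check]",
]

def count_signatures(lines):
    """Return {signature name: number of matching lines}."""
    counts = dict.fromkeys(SIGNATURES, 0)
    for line in lines:
        for name, pattern in SIGNATURES.items():
            counts[name] += bool(pattern.search(line))
    return counts

def triage(data_dir, log_lines, size_limit=SIZE_LIMIT, min_hits=MIN_HITS):
    """List which of the corruption symptoms from the article are present."""
    data_dir, findings = Path(data_dir), []
    cache = data_dir / "cache.db"
    if cache.is_file() and cache.stat().st_size >= size_limit:
        findings.append(f"cache.db is {cache.stat().st_size} bytes")
    for p in sorted(data_dir.iterdir()) if data_dir.is_dir() else []:
        if p.name.lower().startswith("cache_invalid") and p.suffix.lower() == ".bt9":
            findings.append(f"found {p.name}")
    for name, hits in count_signatures(log_lines).items():
        if hits >= min_hits:
            findings.append(f"{name}: {hits} log lines")
    return findings

if __name__ == "__main__":
    # Usage: <Agent Data directory> <path to Errors.bt9>
    if len(sys.argv) == 3:
        with open(sys.argv[2], errors="replace") as fh:
            print("\n".join(triage(sys.argv[1], fh)) or "no symptoms matched")
```

An empty result means none of the local symptoms matched; the Console event with subtype "Agent database error" still has to be checked in the Console.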

Environment

  • App Control Agent: All Supported Versions
  • macOS: All Supported Versions
  • Linux: All Supported Versions
  • Windows: All Supported Versions

Cause

The most common cause of Agent cache corruption is improper/hard shutdowns. Other reasons could include:
  • Third party products injecting into the Agent/interfering with operations.
  • Unsupported OS/Agent combination.
  • Modifications to the OS or other critical files while the Agent is not running/disabled.

Resolution

Locally: (All Platforms)

  1. Verify the impacted machine is running a supported and compatible Agent version.
  2. Verify antivirus exclusions for the Agent are added to any 3rd party security tools.
  3. Use an elevated command prompt/terminal to issue the relevant commands:
    • Windows:
      cd "C:\Program Files (x86)\Bit9\Parity Agent"
      dascli password GlobalPassword
      dascli tamperprotect 0
      net stop parity
      del "C:\ProgramData\Bit9\Parity Agent\cache.*"
      net start parity
    • Linux:
      cd /opt/bit9/bin
      ./b9cli --password GlobalPassword
      ./b9cli --tamperprotect 0
      ./b9cli --shutdown
      sudo sh -c 'rm -f /srv/bit9/data/cache*'
      sudo ./b9cli --start
    • macOS:
      cd /Applications/Bit9/Tools
      ./b9cli --password GlobalCLIPassword
      ./b9cli --tamperprotect 0
      ./b9cli --shutdown
      sudo bash -c 'rm -f /Library/Application\ Support/com.bit9.Agent/cache.*'
      sudo ./b9cli --start
  4. Allow the Agent to complete Initialization.

Remotely: (Connected, Windows Only)

  1. Log in to the Console and navigate to Assets > Computers > relevant Computer.
  2. From the Computer Details page > right-side menu > Other Actions > Delete Database > Go.
  3. From the Other Actions menu > Restart Service > Go.
  4. Wait for the Agent to complete Initialization.

Additional Information

  • Initialization will occur after completing these steps, and will issue a new Local Approval to all files.
  • If the machine is sensitive to degraded performance, or possible blocks, it is recommended to complete these steps outside peak usage.