EDR: CB-Yara-Connector "Saving 0 analysis results..." In yaraconnector.log

Article ID: 287369

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The line below (<date-time>-_main_-180-DEBUG-Saving 0 analysis results..) appears repeatedly in /var/log/cb/integrations/cb-yara-connector/yaraconnector.log when debugging is enabled for the CB-Yara-Connector:
2021-05-04 12:58:44,625-_main_-820-INFO-Yara connector shutdown
2021-05-04 12:58:45,426-_main_-746-DEBUG-RUNNING AS DEMON
2021-05-04 12:58:45,426-_main_-236-INFO-Testing connection to Postgres database...
2021-05-04 12:58:45,525-_main_-456-DEBUG-Starting perf thread
2021-05-04 12:58:45,525-_main_-220-INFO-Connecting to Postgres database...
2021-05-04 12:58:45,530-_main_-539-DEBUG-Scanning until exit...(continuous)
2021-05-04 12:58:45,530-_main_-466-DEBUG-Starting analysis thread
2021-05-04 12:58:45,530-_main_-554-DEBUG-START database sweep
2021-05-04 12:58:45,531-_main_-260-DEBUG-Getting database cursor...
2021-05-04 12:58:45,531-_main_-472-DEBUG-Starting results saver thread
2021-05-04 12:58:45,531-_main_-270-DEBUG-SELECT md5hash FROM storefiles WHERE present_locally = TRUE AND timestamp >= '2020-05-04 12:58:45.531340' ORDER BY timestamp DESC
2021-05-04 12:58:45,533-_main_-613-DEBUG-Celery minion args are None
2021-05-04 12:58:45,533-_main_-812-DEBUG-Started as demon OK
2021-05-04 12:58:54,589-_main_-323-INFO-Enumerating modulestore...found 1056906 resident binaries
2021-05-04 13:12:08,440-_main_-339-INFO-Queued 1056906 new binaries for analysis
2021-05-04 13:12:08,440-_main_-341-DEBUG-Exiting database sweep routine
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
  • Due to the error message above, the CB-Yara-Connector never fully finishes the scan of MD5s.
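
To check a yaraconnector.log for this symptom without reading it by eye, the following added example (not part of the original article or of the connector's code) parses the line layout shown above and flags a sweep that queued binaries but only ever logged empty saves. The `check_stall` name, the `min_zero_saves` threshold and the expectation that a healthy run logs the same "Saving N analysis results" message with a non-zero N are assumptions.

```python
import re

# Layout shown in the article: "<date> <time>,<ms>-<logger>-<lineno>-<LEVEL>-<message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}-[^-]+-\d+-[A-Z]+-(?P<msg>.*)$"
)
QUEUED_RE = re.compile(r"Queued (\d+) new binaries for analysis")
# Assumption: a healthy connector logs this same message with a non-zero count.
SAVING_RE = re.compile(r"Saving (\d+) analysis results")

# Lines copied from the article's log excerpt.
SAMPLE = """\
2021-05-04 12:58:54,589-_main_-323-INFO-Enumerating modulestore...found 1056906 resident binaries
2021-05-04 13:12:08,440-_main_-339-INFO-Queued 1056906 new binaries for analysis
2021-05-04 13:12:08,440-_main_-341-DEBUG-Exiting database sweep routine
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
2021-05-04 13:21:24,040-_main_-180-DEBUG-Saving 0 analysis results...
""".splitlines()


def check_stall(lines, min_zero_saves=3):
    """Summarise the most recent sweep in `lines` and flag the stall symptom."""
    state = {"queued": 0, "queued_at": None, "zero_saves": 0, "saved": 0}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, tracebacks, wrapped text
        queued = QUEUED_RE.search(m.group("msg"))
        saving = SAVING_RE.search(m.group("msg"))
        if queued:  # a new sweep queued work: restart the counters
            state = {"queued": int(queued.group(1)), "queued_at": m.group("ts"),
                     "zero_saves": 0, "saved": 0}
        elif saving and state["queued_at"]:
            count = int(saving.group(1))
            state["zero_saves"] += count == 0
            state["saved"] += count
    # Stalled: work was queued, nothing was ever saved, and empty saves keep repeating.
    state["stalled"] = (state["queued"] > 0 and state["saved"] == 0
                        and state["zero_saves"] >= min_zero_saves)
    return state


if __name__ == "__main__":
    # Usage: python check_stall.py /var/log/cb/integrations/cb-yara-connector/yaraconnector.log
    import sys
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(check_stall(lines))
```

The "Saving ..." lines are logged at DEBUG level, so the check only sees them when debugging is enabled for the connector.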

Environment

  • EDR CB-Yara-Connector: 2.1.2 and lower

Cause

A bug in the Celery component is triggered when too many jobs are loaded at once.

Resolution

Upgrade to CB-Yara-Connector 2.2.0.