The EDR Sensor Syncing Status Remains on the Console
Article ID: 287619
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
The 'Online Syncing' status does not clear after requesting a 'Sync' from Linux sensors in the EDR Console.
Environment
EDR Server: 7.8.0
Linux Sensor: 7.1.2
Linux Sensor: 7.1.2
Cause
The 'Sync' request immediately is sent to the sensor and the sensor responds.
However, one of the date fields in the Linux sensor response contains an incorrect value which never meets a condition to remove the 'Online Syncing' status.
However, one of the date fields in the Linux sensor response contains an incorrect value which never meets a condition to remove the 'Online Syncing' status.
Resolution
A temporary workaround to remove the Sync status is to restart the sensor. Run commands locally as root.
systemctl stop cbdeamon ps -ef | grep cb (confirm cbdaemon is not running) systemctl start cbdeamon
Or use Live Response to run the commands.
execfg systemctl stop cbdeamon execfg ps -ef | grep cb (confirm cbdaemon is not running) execfg systemctl start cbdeamon
Additional Information
- The bug should be fixed in an upcoming release 7.9.0
Feedback
Yes
No
Powered by
