CB Response: Performance degradation with banning
Article ID: 288012
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Performance degradation the first time the sensor encounters Chrome being launched
Environment
- Carbon Black Response Sensor: All Versions
- Apple MacOS: All Supported Versions
Cause
Chrome stat64 calls creates overhead during the banning process
Resolution
This should only happen the first time the sensor comes across the hash. After this the performance degradation will not be present on the machine
Additional Information
- CB-26139 open for investigation of performance enhancements
- Chrome creates significantly more stat64 system calls than other browsers
- The stat64 system call takes longer with banning enabled as this is where the MD5's are calculated
Feedback
Yes
No
Powered by
