EDR: Sensor reporting event loss

Article ID: 288500

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Sensor health score reports High and Excessive event loss

Environment

  • EDR (formerly Carbon Black Response) Sensor: 7.2.0 and below
  • Microsoft Windows: All Supported Versions

Cause

The log below shows sensor version 7.1.1 taking 3 hours to recover:

Tid[1748] 2021-09-01 12:51:16 (i): Kernel event loss health score changed! New status: Excessive event loss; Old score: 0; New score: -50
Tid[1748] 2021-09-01 12:51:16 (i): Overall health score changed! New status: Excessive event loss; Old score: 100; New score: 50
...
Tid[1748] 2021-09-01 15:52:21 (i): Kernel event loss health score changed! New status: Healthy; Old score: -50; New score: 0
Tid[1748] 2021-09-01 15:52:21 (i): Overall health score changed! New status: Healthy; Old score: 50; New score: 100
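
To measure how long a sensor stayed in an event-loss state, the health score lines can be parsed and paired up. The Python below is an added example, not Carbon Black tooling: the line format is assumed from the excerpt above only, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Format assumed from the excerpt above; other sensor versions may log differently.
LINE_RE = re.compile(
    r"Tid\[\d+\] (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \(\w\): "
    r"(?P<scope>.+?) health score changed! New status: (?P<status>[^;]+); "
    r"Old score: (?P<old>-?\d+); New score: (?P<new>-?\d+)"
)

# Lines copied from the excerpt above, including the elided "..." line.
SAMPLE = [
    "Tid[1748] 2021-09-01 12:51:16 (i): Kernel event loss health score changed! New status: Excessive event loss; Old score: 0; New score: -50",
    "Tid[1748] 2021-09-01 12:51:16 (i): Overall health score changed! New status: Excessive event loss; Old score: 100; New score: 50",
    "...",
    "Tid[1748] 2021-09-01 15:52:21 (i): Kernel event loss health score changed! New status: Healthy; Old score: -50; New score: 0",
    "Tid[1748] 2021-09-01 15:52:21 (i): Overall health score changed! New status: Healthy; Old score: 50; New score: 100",
]

def parse_line(line):
    """Return a dict for a health score line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "scope": m["scope"], "status": m["status"].strip()}

def event_loss_windows(lines, scope="Kernel event loss"):
    """Return (start, end, status) tuples; end is None if no recovery was logged."""
    windows, start, status = [], None, None
    for ev in map(parse_line, lines):
        if ev is None or ev["scope"] != scope:
            continue
        if ev["status"] != "Healthy":
            start = start or ev["ts"]   # keep the first unhealthy timestamp
            status = ev["status"]       # remember the latest unhealthy status
        elif start is not None:
            windows.append((start, ev["ts"], status))
            start = None
    if start is not None:               # log ended before the sensor recovered
        windows.append((start, None, status))
    return windows

if __name__ == "__main__":
    for start, end, status in event_loss_windows(SAMPLE):
        gap = str(end - start) if end else "not recovered"
        print(f"{status}: {start} -> {end} ({gap})")
```
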

Resolution

Upgrade to 7.2.2 Windows Sensor.
 

Additional Information

Fixed in sensor version 7.2.1, but that version is no longer supported as of the 7.2.2 sensor release.