Cb Protection: Cache.db-journal is Corrupted
search cancel

Cb Protection: Cache.db-journal is Corrupted


Article ID: 288768


Updated On:


Carbon Black App Control (formerly Cb Protection)


Windows Event logs show:
Event ID: 55
Source: NTFS
"A corruption was discovered in the file system structure on volume ??. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x9f000000004561. The name of the file is "\ProgramData\Bit9\Parity Agent\cache.db-journal". "


  • Cb Protection Agent: 7.x and Higher
  • Microsoft Windows: All Supported Versions


A sector on the disk, has either caused drive or file corruption. 


Run a full chkdsk to verify for any drive or sector corruption; If the step above comes back clean, use the following steps to delete and rebuild the corrupted file:
  1. Open a command prompt and change directory to Program Files\Bit9\Parity agent
  2. Run the following commands in order: 
dascli password <CLI password here> 
dascli tamperprotect 0 
net stop parity 
fltmc unload paritydriver 
del /f c:\programdata\bit9\parity agent\cache.db-journal 
fltmc load parity driver 
net start parity 
dascli status (verify that tamper protect is showing as Enabled)
  1. Verify that a new cache.db-journal is created