CB Protection: Banning Hashes Through the API Causes Database Timeouts and Deadlocks

Article ID: 288819

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Banning hashes through the API causes deadlocks or frequent timeouts.

Environment

  • CB Protection Server: 8.0.0 - 8.1.0
  • CB Protection API

Cause

The Rules table is not optimized for lookups by hash.

Resolution

Instead of doing the lookup and ban by hash:
  1. Use the hash to query the FileCatalogID from the FileCatalog API
  2. Use the FileCatalogID that is returned against the FileRule API

Additional Information

Because the FileCatalog API is indexed on the hash values, querying against this table is much more efficient. The FileRule API is indexed against the FileCatalogID, so this is also more efficient. When the two are used together, the query does not need to lock the tables for quite as long.
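
The two-step ban from the Resolution, sketched in Python as an added example (not code from this article or from the vendor). The server URL and token are placeholders, and the `/api/bit9platform/v1` paths, `X-Auth-Token` header, `q=sha256:` query form and `fileState` value 3 are assumptions taken from the product's public REST API rather than from this page.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumptions (not from the article): server URL, token, and the
# endpoint paths / field names of the public App Control REST API.
API_BASE = "https://appcontrol.example.local/api/bit9platform/v1"
API_TOKEN = "PLACEHOLDER-API-TOKEN"

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
FILE_STATE_BANNED = 3


def http_json(method, url, body=None):
    """Default transport: send one JSON request with the API token header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "X-Auth-Token": API_TOKEN, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def ban_by_catalog_id(sha256, transport=http_json):
    """Ban a file via its FileCatalogID; return the created rule or None."""
    if not SHA256_RE.match(sha256):
        raise ValueError("not a SHA-256 hex digest")
    # Step 1: resolve hash -> FileCatalogID (FileCatalog is indexed on hash).
    query = urllib.parse.urlencode({"q": "sha256:" + sha256})
    matches = transport("GET", f"{API_BASE}/fileCatalog?{query}")
    if not matches:
        # Hash not in the catalog. Do not fall back to a rule keyed on the
        # hash here: that is the slow path this article steers away from.
        return None
    # Step 2: create the rule by FileCatalogID (FileRule is indexed on it).
    rule = {"fileCatalogId": matches[0]["id"],
            "fileState": FILE_STATE_BANNED,
            "name": "API ban"}  # rule name is a constructed sample value
    return transport("POST", f"{API_BASE}/fileRule", rule)
```

Passing a different `transport` callable lets the same function be exercised against a stub before it is pointed at a production server.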