App Control: How long does it take to delete a file on an endpoint when a "Delete Files" command is issued from the console?
Article ID: 288967
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
When deleting files from:
- the File Catalog page
- the Files on Computers page
- the Find Files page
- the File Details page
- the File Instance Details page
- Event Rules that will automatically delete files when certain
events occur, such as a report of a malicious file.
Environment
- App Control Server: All Supported Versions
- App Control Agent Version: 8.1.0 and higher
Resolution
When you issue a command to delete files, the request is sent to the agents the next time
the server and agent communicate, normally at 30 second intervals. Depending on the
number of files and agents involved, actual deletion of files and reporting those deletions
back to the server can take from approximately 30 seconds to several minutes.
Requests to delete files on offline computers remain active until the files are actually
deleted. These files will be deleted when their endpoints reconnect to the server. However,
new file instances discovered after a delete request is processed will not be deleted.
During the time between a deletion request and actual deletion of a file on an endpoint,
other actions related to the file might take place. If a user moves a file during this period, it
will still be deleted from the server unless it is moved to a location in which file tracking is
disabled, for example, because of a Performance Optimization rule.
A server-initiated file delete command can only delete files that are currently tracked in
agent’s inventory. Deletion of a file by the endpoint user (i.e., moving it to the Recycle Bin)
might prevent successful completion of a server-initiated file deletion. By default, the
agent only tracks a file in the Recycle Bin if the file has been executed from the Recycle
Bin. For files in the Recycle Bin that have not been executed there, a server-initiated
delete action will fail and report that failure in an event.
the server and agent communicate, normally at 30 second intervals. Depending on the
number of files and agents involved, actual deletion of files and reporting those deletions
back to the server can take from approximately 30 seconds to several minutes.
Requests to delete files on offline computers remain active until the files are actually
deleted. These files will be deleted when their endpoints reconnect to the server. However,
new file instances discovered after a delete request is processed will not be deleted.
During the time between a deletion request and actual deletion of a file on an endpoint,
other actions related to the file might take place. If a user moves a file during this period, it
will still be deleted from the server unless it is moved to a location in which file tracking is
disabled, for example, because of a Performance Optimization rule.
A server-initiated file delete command can only delete files that are currently tracked in
agent’s inventory. Deletion of a file by the endpoint user (i.e., moving it to the Recycle Bin)
might prevent successful completion of a server-initiated file deletion. By default, the
agent only tracks a file in the Recycle Bin if the file has been executed from the Recycle
Bin. For files in the Recycle Bin that have not been executed there, a server-initiated
delete action will fail and report that failure in an event.
Additional Information
Deletion of certain files could prevent proper operation of your endpoints. To minimize this
possibility, some files are protected from deletion via the console, including files identified
as operating system files and files necessary for operation of the agent. You can request
deletion of these files, but they will not be deleted on endpoints, and the Events page will
shows a File deletion failed error event.
possibility, some files are protected from deletion via the console, including files identified
as operating system files and files necessary for operation of the agent. You can request
deletion of these files, but they will not be deleted on endpoints, and the Events page will
shows a File deletion failed error event.
Feedback
Yes
No
Powered by
