App Control: What Does the "Agent Deleted Events" Event Mean?
Article ID: 289382
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What does the "Agent Deleted Events" event mean?
Environment
- App Control Console: All versions
- App Control Agent: All versions
Resolution
The “Agent Deleted Events” means the agent has purged old events from its local cache.
Additional Information
- The App Control Agent keeps a local cache of events (the default is 5,000) regardless of whether the agent is connected or not.
- This allows them to be relayed to the server in the event of a DR scenario.
- For agents that are offline for long periods of time and hit the threshold where the agents start purging events from their cache, hey’ will retain information on blocks and malware. However, they’ll purge health check and info type events.
- This is to prevent resource consumption on the endpoints and is expected behavior.
- This can even be expected on connected agents with a high level of activity. Therefore for agents that aren’t offline for a long period of time, it is expected that these events have already been sent to the server.
Feedback
Yes
No
Powered by
