Cb Response: Slow Boot Time on Windows 10

Article ID: 289566

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Windows 10 machines with the 1803 April '18 build have been experiencing longer boot times

Environment

  • Microsoft Windows 10: April '18 Update
  • Cb Response Sensor: 6.1.6 

Cause

  • Events that arrive before the sensor's core driver attaches to the file system volume are added to the sensor's list of running processes.
  • When this happens, binary hashing fails because the sensor isn't attached to the volume and can't access the associated binary. However, 'event creation' for intercepted events still blocks and waits 10 seconds for the hashing to complete.
  • This is especially a problem during startup, because the SYSTEM process repeatedly accesses the registry, and the timeout has to occur multiple times.

Resolution

Upgrade sensor version from 6.1.6 to 6.1.7.80722