EDR: Unexpected jump in backlog after updating applications
search cancel

EDR: Unexpected jump in backlog after updating applications

book

Article ID: 289938

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Server backlog grows after upgrades to several applications¬†on endpoints¬†
  • The number of processes logged each day does not increase
  • Binary backlog jumps to several GB / TB in size

Environment

  • EDR Server: All Supported Versions
  • EDR Sensor: All Supported Versions

Cause

Large deployment upgrades cause several new binaries and actual process events to be captured

Resolution

  • This behaviour is expected due to the amount of activity that occurs during updates.
  • The server should be able to work through the backlog. If the backlog is not decreasing contact Carbon Black Support with a set of server diagnostics