EDR: Unexpected jump in backlog after updating applications
Article ID: 289938
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Server backlog grows after upgrades to several applications on endpoints
- The number of processes logged each day does not increase
- Binary backlog jumps to several GB / TB in size
Environment
- EDR Server: All Supported Versions
- EDR Sensor: All Supported Versions
Cause
Large deployment upgrades cause several new binaries and actual process events to be captured
Resolution
- This behaviour is expected due to the amount of activity that occurs during updates.
- The server should be able to work through the backlog. If the backlog is not decreasing contact Carbon Black Support with a set of server diagnostics
Feedback
Yes
No
Powered by
