App Control: Certificate Validation Slow with CoreStreet Validation Client
Article ID: 290329
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Performance issues with Certificate Revocation features of CB App Control
- Trace.bt9 file of Agent reports messages similar to the following:
b9ABCache::RemoveAntibody: Removing antibody for file[\\?\globalroot\device\harddiskvolume3\programdata\corestreet\validation client\logs\wtbd3c.tmp] b9ABCache::RemoveAntibody: Removing antibody for file[\\?\globalroot\device\harddiskvolume3\programdata\corestreet\validation client\logs\wtbde6.tmp]
Environment
- App Control Server: All Versions
- App Control Agent: All Versions
- CoreStreet Validation Client
Cause
CoreStreet Validation Client creating large amount of events while validating certificates.
Resolution
Add following 'kernelFileOpExclusions' parameter:
- Open following URL in the Console - https://<App_Control_ServerName>/agent_config.php
- Select Add Agent config, add following values:
a. Name: KernelFileOpExclusion for CoreStreet Validation Client
b. Host ID: 0
c. Value: kernelFileOpExclusions=*\programdata\corestreet\validation client\logs\*:99696
- Select Enabled, then Save
Additional Information
- The '99696' value at the end of this parameter will not create events for 'All File Modifications (excluding mmap write + delete on close)
Feedback
Yes
No
Powered by
