CB Response: Windows Sensor slow to boot

CB Response: Windows Sensor slow to boot

search cancel

CB Response: Windows Sensor slow to boot

book

Article ID: 290749

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Unusually slow bootup time on Windows endpoint

Environment

CB Response Sensor: (All versions)
Microsoft Windows: All Supported Versions

Cause

The AntiVirus software (such as Windows Defender) scans the CB Response Sensor directory, which consumes resources and causes delays in bootup.

Steps to confirm:

Ensure the CB Response Sensor is installed
Gather boot logs (requires a reboot)
- CB Response: How to collect a Procmon for Boot/Login Sensor Performance
Open the captured boot log file
Click the Tools menu > Process Activity Summary
Click the CPU column to sort the entries
Note the highest processes, which are likely to be AntiVirus software related (example: MsMpEng.exe is Windows Defender)

Resolution

Configure the AntiVirus software to ignore the Cb Response Sensor directory (%WINDIR%\CarbonBlack\* by default)
Configure the AntiVirus software to ignore the Cb Response Sensor Process (cb.exe)

Additional Information

If the sensor process name was modified in the sensor groups page, please add the new process name to the exclusions list

Feedback

thumb_up Yes

thumb_down No