CB Response: How To Purge Event Data From Sensors With A High Backlog

Article ID: 290851

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to purge event data from sensors with a high backlog.

Environment

  • CB Response Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Go to C:\Windows\CarbonBlack\EventLogs
  2. Move all files within this folder to the Recycle Bin.
  3. Empty Recycle Bin.
  4. Restart CB Response Sensor service.
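The same four steps as a PowerShell script, for running from an elevated prompt or pushing to several endpoints. This is an added example, not vendor-supplied code. `Remove-Item` deletes permanently, which matches moving the files to the Recycle Bin and emptying it. The service name `CarbonBlack` and the audit log path are assumptions that the article does not state; confirm the service name with `Get-Service` on a sensor host before use.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Folder named in step 1 of the article.
    [string]$EventLogPath = 'C:\Windows\CarbonBlack\EventLogs',
    # ASSUMPTION: service name is not given in the article; verify with Get-Service.
    [string]$ServiceName = 'CarbonBlack',
    # ASSUMPTION: hypothetical location for a record of what was purged.
    [string]$AuditLog = "$env:ProgramData\cbr-eventlog-purge.log"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $EventLogPath -PathType Container)) {
    throw "Event log folder not found: $EventLogPath"
}
# Resolve the service before deleting anything, so a wrong name fails early.
$service = Get-Service -Name $ServiceName

# Measure the backlog first so the purge leaves a record of its size.
$files = @(Get-ChildItem -LiteralPath $EventLogPath -File -Force)
$bytes = ($files | Measure-Object -Property Length -Sum).Sum
if ($null -eq $bytes) { $bytes = 0 }
Write-Verbose "Backlog: $($files.Count) files, $bytes bytes"

$failed = 0
if ($PSCmdlet.ShouldProcess($EventLogPath, "Permanently delete $($files.Count) files")) {
    foreach ($file in $files) {
        try {
            # Steps 2 and 3: permanent delete. The sensor service stays running.
            Remove-Item -LiteralPath $file.FullName -Force
        }
        catch {
            # A denied delete can mean tamper protection is still enabled.
            $failed++
            Write-Warning "Not removed: $($file.Name): $($_.Exception.Message)"
        }
    }

    # Step 4: restart the sensor service.
    Restart-Service -InputObject $service -Force

    # Keep an audit line so the resulting gap in endpoint telemetry is explainable.
    $record = '{0} host={1} user={2} files={3} bytes={4} failed={5}' -f `
        (Get-Date -Format o), $env:COMPUTERNAME, $env:USERNAME, $files.Count, $bytes, $failed
    Add-Content -LiteralPath $AuditLog -Value $record
}
```

Run it with `-WhatIf` first to see the file count without deleting anything; unattended runs need `-Confirm:$false`.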

Additional Information

  • If the CB Protection agent is also installed on the endpoint, confirm that the CB Response Rapid Config is disabled in the CB Protection UI so that tamper protection on the CB Response Sensor folder is disabled.
  • Because the event data is being purged, there is no need to stop the CB Response Sensor service.
  • GPO can also be used to send the commands out to multiple endpoints at once.