CB Protection: Sattline is slow to write files.
search cancel

CB Protection: Sattline is slow to write files.

book

Article ID: 290960

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Sattline application is slow to write files when CB Protection is installed

Environment

  • CB Protection Server: All versions
  • CB Protection Agent: All Versions
  • Sattline application

Cause

CB Protection looks at .rv and .rt files created by Sattline and slows their writes.
 

Resolution

Two agent config properties need to be created
  1. Go to https://<servername>/agent_config.php
  2. Click on "Add Agent Config" 
  3. Use the following values for the first exclusion:
    1. Property Name:: Exclude_Sattline_File_Access 
    2. Host ID: 0
    3. Value: kernelFileOpExclusions=*.rv:128895,*.vt:128895
    4. Platform: All Platforms
    5. Status:: Enabled
  4. Use the following values for the second exclusion:
    1. Property Name: Exclude operations by main.exe
    2. Host ID: 0
    3. Value: KernelProcessExclusions=*\main.exe:131071
    4. Platform:: All Platforms
    5. Status:: Enabled


 

Additional Information

  • Operation Code 128895 means that we will not process any operations on the .rv and .vt files EXCEPT executes and script executes
Powered by Wolken Software