Sensor Debug Logs are Filling Up the Drive
search cancel

Sensor Debug Logs are Filling Up the Drive

book

Article ID: 291152

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Disk space is filling up because of log files in C:\Windows\CarbonBlack\DebugLogs.

Environment

  • EDR Windows Sensor: 7.2.1 and 7.2.2

Cause

Certain events are logged frequently to the debug log files and this event is causing the logs to grow large. 

Resolution

This issue was resolved with the release of Sensor version 7.3.0.

Additional Information

  • The previous logs may need to be deleted to clear up the disk space as the upgrade to 7.3 won't delete the old logs
  • It is safe to delete the log files in C:\Windows\CarbonBlack\DebugLogs
  • Enable Tamper Protection on 7.2.1 and higher Windows sensors, to stop the hooking of any A/V products to the sensor.
  • As a workaround, the Sensor can be prevented from writing debug log files by creating the following registry key in HKLM\Software\CarbonBlack\config  
    Type : REG_DWORD
Name: DebugLevel
Value: Default 0
Powered by Wolken Software