App Control: Changing Rule Ranking Causes Temporary Loss of Rule Functionality and/or Performance Hit
Article ID: 291391
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Temporary loss of Rule functionality
- Block events
- High Parity.exe CPU% (Particularly Effects VDI Environment))
Environment
- App Control Console: 8.x
Cause
- When adding a new rule or, re-ordering a rule in "Rules" > "Software Rules" > "Custom", the App Control server sends a delete action (via CL updates) to the agents to delete rules, before sending the new list of rules, with the new rankings
- The new rule, rankings or changes don't take affect on the endpoint until the server sends the delete action down to the agents, followed by sending down the list of new rules, changes, rankings, etc
Resolution
It is recommend when changing rankings on rules, that smaller increments be used (e:g: Rank "1" to Rank "10", or something similar) to help prevent any issues
Additional Information
- Ranking changes and the resultant rule deletion/update on the agents, is only temporary and will resume as intended, when the agent has fully synced
- Ranking changes will have a far greater impact in a VDI Environment, as each Virtual Machine attempts to perform the same task at the same time on its Host Machine
Feedback
Yes
No
Powered by
