EDR: Linux sensor cbdaemon may not detect currently running cbdaemon process
Article ID: 291794
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- EDR sensor causes dozens of instances or rpm to run simultaneously.
- cbdaemon has a mechanism to detect if a daemon is already running and exit if so, but this doesn't always work.
Environment
- EDR Server: All Supported Versions
- EDR Linux Sensor: 6.1.11 and above
- Linux OS: All Supported Versions
Cause
Related to EDR sensor issue CB-28791
Resolution
- This will be fixed in a future sensor release.
- As a workaround
- Stop the service
-
systemctl stop cbdaemon
-
- kill any remaining cbdaemon processes
-
kill -9 <pid of remaining cbdaemon>
-
- start the service.
-
systemctl start cbdaemon
-
- Stop the service
Feedback
Yes
No
Powered by
