When performing a search in the console, a red toaster pop up displays with the following 

Your query, which includes binary metadata, was blocked because the current size of the binary store could cause search performance issues. If you want to modify this behavior, use the Advanced Settings page (if you have permission) or contact a Global Administrator.

• Carbon Black EDR Server: All Versions

More that 10 million stored binary metadata in the cbmodules core. 

• Disable the Block settings if you are a Global Administrator.
  • Username > Settings > Advanced Settings > Uncheck "Block Searches that Include Binary Metadata with Large Binary Stores"
• In /etc/cb/cb.conf, add and modify this configuration to raise the warning. Where * 10 is the million multiplier. Note: This is the default setting

  ModuleCoreDocumentCountWarningThreshold = 1000000 * 10

• Recommended: Purge old binary metadata. How to Enable Automated Cbmodule Purging

• Purging old binary metadata is the recommended approach.
  • The more binaries stored, the more information the server has to search through. This can lead to timeouts on console searches and watchlists. The product does not purge these by default. 
  • Joins between process search and binary metadata are more expensive. For example, this query has to join between cbevents and cbmodules cores: process_name:chrome.exe AND digsig_result:"unsigned"
  • Many binaries are only seen once in the environment. For example, updating the OS will create a large amount of one time binaries that are being stored.