Files Not Eligible For Zero Prevalence Pruning Due to Antibodies_Lookup

Article ID: 441722


Products

Carbon Black App Control

Issue/Introduction

Zero Prevalence Pruning is enabled, but a majority of the files in the environment are not eligible because they are included in the Antibodies_Lookup table.

Environment

  • Carbon Black App Control Server: All Supported Versions

Cause

When the Carbon Black File Reputation (CDC) is disconnected, deactivated, or unconfigured, files queue up in the dbo.antibodies_lookup table awaiting a reputation re-check from the App Control server. Because they are stuck in this pending state, they bypass the pruning process and cannot be purged. This is being investigated in CRE-23992.

Resolution

Option 1: Restore the Carbon Black File Reputation (CDC) Connection

See Check CDC Status and Connectivity.

Option 2: Bypass the CDC Requirement for Purging (Workaround)

Important Note: Only proceed with this option if you do not plan to fix the CDC connection issue. If you want CDC reputation lookups to function properly in the future, you must revert these changes.

  1. Disable the antibody_threat trigger
    • Das > Tables > dbo.antibodies > Triggers > Right-click tr_antibody_threat and set to Disabled.
    • Impact: This prevents the system from automatically queuing a hash into the antibodies_lookup table whenever there is a change to an antibody.
  2. Modify the dbo.UsedantibodyIds view
    • Das > Views > Right-click dbo.UsedantibodyIds > Script View as > ALTER to > New Query Editor Window.
    • Comment out lines 21 and 22 by adding -- to the beginning of each line, then execute the script.
    • Impact: This removes the server's dependency on the antibodies_lookup table for pruning purposes.
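
The following T-SQL is an added example, not a Broadcom-supplied script. It records the state needed to revert Option 2 later, then performs step 1 as a statement instead of through the SSMS menu. It assumes it is run in the App Control database shown as "Das" in the steps above and uses only the object names given in this article plus standard SQL Server catalog views.

```sql
-- Added example: capture pre-change state, disable the trigger, verify.
-- Run in the App Control database (shown as "Das" in the steps above).

-- 1. How many hashes are currently queued for a reputation re-check?
SELECT COUNT(*) AS queued_hashes
FROM dbo.antibodies_lookup;

-- 2. Current trigger state (is_disabled = 0 means the trigger is active).
SELECT t.name,
       OBJECT_NAME(t.parent_id) AS parent_table,
       t.is_disabled
FROM sys.triggers AS t
WHERE t.name = N'tr_antibody_threat';

-- 3. Save the unmodified definition of the view before commenting out
--    lines 21 and 22, so the original can be restored if CDC is fixed later.
--    Copy the result to a file kept with the change record.
SELECT m.definition
FROM sys.sql_modules AS m
WHERE m.object_id = OBJECT_ID(N'dbo.UsedantibodyIds');

-- 4. Workaround step 1: disable the trigger on dbo.antibodies.
DISABLE TRIGGER dbo.tr_antibody_threat ON dbo.antibodies;

-- 5. Confirm the change took effect (expect is_disabled = 1).
SELECT t.name, t.is_disabled
FROM sys.triggers AS t
WHERE t.name = N'tr_antibody_threat';

-- Revert for step 1, to be run only when restoring CDC reputation lookups:
-- ENABLE TRIGGER dbo.tr_antibody_threat ON dbo.antibodies;
```

To revert step 2, run an ALTER VIEW using the definition saved in query 3.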

Additional Information

If you encounter this issue, please open a support case with Broadcom and request that it be associated with CRE-23992.