Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black OSX Sensor performance symptoms

Carbon Black OSX Sensor performance symptoms

Version

This solution applies to all Carbon Black OSX Sensor versions

 

Issue

On OSX hosts, performance issues may be observed such as high CPU utilization, memory consumption, disk usage or erratic mouse behavior.

 

Symptoms

The CPU, memory, or disk issue can be found from OSX's Activity Monitor application.

 

Solution

To resolve the issue, disable "Binary module (.dll, .sys, .exe) loads" event from the Sensor Group Settings from the Carbon Black UI:

 

1. Navigate to Administration -> Sensors -> select the relevant Sensor Group -> select "Edit Settings"

2. Select the "Event Collection" tab, and deselect the check box "Binary module (.dll, .sys, .exe) loads".

3. Select Save Changes

4. Allow a few minutes for the Sensor to receive the update

5. Ensure the performance symptom is no longer observed.

 

By disabling this event you will lose visibility of dynamic libraries that are loaded on the endpoint.

 

Important Note

This issue is addressed in Sensor version v5.1.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-02-2015
Views:
2222
Contributors