Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

6.1.7 Windows Sensor Memory Leak

6.1.7 Windows Sensor Memory Leak

Hello All,

We have received a few reports from customers that have encountered a memory leak on Windows endpoints running the 6.1.7 sensor software for Cb Response. After further investigation, we have been able to replicate this issue.

The memory leak occurs when an application that opens file handles in user space does not close them on termination but relies on the kernel to do the cleanup, as part of the exit call.Our sensor code, which tracks file operations, fails to release memory used from the user space.

The risk of elevated memory usage is higher on machines that do not routinely reboot (e.g. servers vs laptops). This leak is more evident on machines that execute a lot of short-lived processes and file operations. It is not Windows version specific, nor it is tied to any specific applications.

In the field customers who experienced this reported it after several days of operation (as long as 11-12 days). To our knowledge, they reported this through their monitoring of such systems, not through a crash or interruption. Their concern came from the amount of memory being used by the sensor.

The team has implemented a fix for the memory leak and is preparing a new 6.1.8 windows sensor. The sensor is moving through the motions of internal deployment and testing. Our goal is to provide customers with a 6.1.8 windows sensor sometime later this week.

We will provide updates if the tentative timeline changes. Thank you!

Regards,

The Cb Response Team

Labels (1)
Comments

Hi, Is the memory leak is specific only to windows or Linux as well?

Across multiple instances, I have found it to only be an issue with windows. Specifically servers since they are not routinely rebooted. I personally have not seen any issues with linux.

Correct, this specific issue is only Windows.

Is this memory leak something that can potentially affect older versions as well, such as 6.1.6? Is there definitive data that show this was only introduced with the 6.1.7 Windows sensor?

Downgrading to 6.1.6 windows sensor resolved the memory leak issue for me.

Downgrading to 6.1.6 will work, but that reintroduces the slow reboot issue in 6.1.6

Do we have a concrete date for the 6.1.8 release?  A client of mine has asked for a concrete date.

Article Information
Author:
Creation Date:
‎09-17-2018
Views:
9063
Contributors