Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Reported performance issues with the Cb Defense 3.2.0 sensor

Reported performance issues with the Cb Defense 3.2.0 sensor

Final Update

We've made the hotfix available here on the UEX. Please see this article for the download link: Cb Defense: Performance Issues With 3.2.0 Sensor 

Original Article

There have been reports of issues on the User Exchange and via support cases related to performance issues after installing the 3.2 sensor release. These performance issues have resulted in behavior such as:

  • Microsoft Management Console (mmc) panels loading objects slowly
  • Certain applications observing delays between keystroke and the text appearing on screen
    • Reported applications: Internet Explorer and Outlook

Carbon Black has identified a root cause for these performance issues and is currently working to resolve the behavior. A hotfix build will be made available to resolve the identified issues.

If you are experiencing performance issues in specific applications, please open a case with our technical support team. Please provide the following information when opening a support case so that we can confirm whether the hotfix will resolve the reported issue:

Next Steps

We will continue to keep this post up to date as more information becomes available.

Updates

July 11th, 2018 1:18 PM Pacific -- We are currently performing QA validation on the hotfix build. Once QA validation occurs, we will get the build WHQL signed (which allows installation on Windows 10). We'll continue to provide updates as we have them.

July 12th, 2018 9:30 AM Pacific -- Testing is ongoing with the hotfix build. Our internal testing indicates that the hotfix does resolve the performance issues. Historically, we prefer to deliver hotfixes to individual customers as they report problems. To help expedite delivery of the hotfix, we will be publishing the hotfix on the User Exchange when it becomes available. Support will be publishing a Knowledgebase article with the build and some information about what we mean when we create a hotfix. Thank you for your patience on this.

July 13th, 2018 12:15 PM Pacific -- The build has finished WHQL signing and QA validation. We are performing some additional validations currently. Once we receive feedback from that validation, we will be making the hotfix available on the UEX to all impacted customers.

July 16th, 2018 1:26 PM Pacific -- We've posted the KB here on the USer Exchange, Cb Defense: Performance Issues With 3.2.0 Sensor . The 3.2.1 sensor release, which is due in mid-August, will contain this fix as well.

Labels (1)
Comments

I would like to add that even though the latency is vastly more noticeable in IE and Outlook, the overall response of the system seems more sluggish compared to 3.1. Opening the Start menu, logging in or out of Windows, opening and navigating with File Explorer, other Office apps, the whole experience seems odd.

Thank you for the additional information. We have not been able to reproduce this behavior in internal testing, so I can't confirm off hand if those other issues will be resolved with the same code change. If the use case is reproducible, the ProcDump capture would be extremely helpful to confirm.

Once the hotfix is available, you could also try the hotfix release on a test system to see if this is resolved.

Thanks for the update.

What do hotfixes look like in the CB world...just a minor version update to the sensor? Will it be made available on the portal or is it only provided to customers who experience the related issue(s)?

In general, we provide a copy of the msi package via a support case. We go that route because want to limit deployment to people that are impacted.

I'm open to bringing other suggestions to our internal teams for discussion / feasibility though. We don't have to deliver hotfixes too frequently, but if we can help make the process easier for everyone, that would be stellar.

Okay so it seems like if organizations want to add a CB Defense sensor to their image or if they are running very old versions of CB Defense like 2.X that they should go for CB Defense version 3.1 instead of 3.2 ?

I always recommend going with the latest version that has been tested in your environment. Not every customer has hit the performance issues I mentioned above. If you are not seeing those issues, you could use the 3.2.0.10101 sensor available in your console as your master image.

Agreed. 

Chrome has been nearly unbearable for me since 3.2.x.  Scrolling up and down felt extremely "heavy"; I thought I was having video/RAM issues on my practically brand new laptop.  Same with typing in Evernote. 

Reverting to 3.1 appears to have resolved that general sluggishness, in addition to the MMC object loading issue.

We haven't specifically tested Chrome or looked at dumps from a Chrome process to confirm if this fix applies there. Very very broadly, the defect will cause sluggishness in UI response, so the behavior sounds pretty close to what we are pushing out in this hotfix.

Two possible routes I'd love you to go down if possible:

  • If you can capture a ProcDump of Chrome when it is sluggish, and open a support case, we can have the support and engineering team see if the behavior you are observing is due to the defect we are fixing
  • When we have the hotfix available, if you can test the build and see if the hotfix resolves the issue, that would be beneficial as well

Are there plans to roll up the hotfix into a subsequent production release of the CbD sensor?

Yes, we will have the fix in subsequent GA release. Once we've confirmed a release vehicle, we will provide information on timeline for that release.

Article Information
Author:
Creation Date:
‎07-10-2018
Views:
7163
Contributors