Access official resources from Carbon Black experts
Advanced Search
IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!
App Control Agent: What triggers USN Journal Cache Consistency check?
Environment
App Control Agent: All Versions
Question
What triggers USN Journal Cache Consistency check?
Cache Consisteny Check events reported to App Control Server
Cache consistency check started Level[Full scan of new files] Options[USN Journal] Type[3] Flags[00000400] Number[1]
Answer
NTFS volumes have a feature called USN journaling
This feature logs file changes and allows a software such App Control Agent to detect file changes that have occurred while the software was not running
By default, the App Control Agent is configured to run a cache consistency check whenever it detect these file changes
New volumes appearing that the Agent did not see before also count as a trigger to do the rescan.
This rescan can be disabled by setting the agent config_prop "usn_journal_flags" to "0"
