App Control: How to Collect Mac Agent Performance Diagnostics

Environment

  • App Control (Formerly CB Protection) Agent: All Versions
  • Mac OS: All Supported Versions

Objective

This document describes how to collect the diagnostics that help Carbon Black Support investigate and resolve the following issues:
  • High CPU
  • High Memory Usage
  • Slow Application Performance
  • Slow Machine Performance

Resolution

  1. The commands below use the agent command-line tool, invoked as "/Applications/Bit9/Tools/b9cli [command]"
  2. Run the following commands:
    • ./b9cli --password <CLI or Global password here>
    • ./b9cli --resetcounters
    • ./b9cli --flushlogs
    • ./b9cli --debuglevel 6
    • ./b9cli --kerneltrace 4
  3. Reproduce the issue during the capture, keeping the capture as short as possible. resetcounters and flushlogs can be run again until the issue is successfully reproduced
  4. Capture and stop debug logging
    • ./b9cli --capture <path to drop>/`hostname`_`date +%Y-%m-%d_%H-%M-%S`.zip
    • ./b9cli --password <CLI or Global password here>
    • ./b9cli --debuglevel 0
    • ./b9cli --kerneltrace 2
  5. After collection, reproduce the issue again with the sample command, with agent diagnostics not running
    • sudo sample b9daemon 10 10
      This will write a .txt sample analysis file to /tmp
  6. Collect System Logs
    • system_profiler --detaillevel full > sysinfo.txt
    • tar -cvf library-logs-panicreports.tar /Library/Logs/PanicReports
      For 10.6 or above:
    • system_profiler --detaillevel full > sysinfo2.txt
    • tar -cvf library-logs-diagnosticreports.tar /Library/Logs/DiagnosticReports
  7. Answer the following questions
    • When did the issue start?
    • Were there any changes?
    • Is this continuous or a periodic spike?
    • What AV products are on the endpoint?
    • Is this a development endpoint?

Additional Notes

  • OS X security features do not allow these commands to be run from the Application directory. Run the commands from a directory you have write permissions to, i.e. your home folder.
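
Steps 2 to 4 as a single wrapper, given here as an added shell example that is not Carbon Black code: it restores debuglevel 0 and kerneltrace 2 even when a command fails or the run is interrupted, so verbose logging is never left on. It assumes b9cli is called by the full path from step 1 while working in a writable directory; B9CLI, OUT_DIR, B9_PASSWORD and the function names are illustrative.

```shell
#!/bin/bash
# Added example, not vendor code. B9CLI, OUT_DIR, B9_PASSWORD and the function
# names are assumptions made for this sketch; the b9cli flags are from the steps.
B9CLI="${B9CLI:-/Applications/Bit9/Tools/b9cli}"
OUT_DIR="${OUT_DIR:-$HOME/b9diag}"   # a writable directory (see Additional Notes)

b9()   { "$B9CLI" "$@"; }
auth() { b9 --password "$B9_PASSWORD"; }

# Step 2: authenticate, clear counters and logs, raise logging levels.
start_diag() {
    auth && b9 --resetcounters && b9 --flushlogs &&
        b9 --debuglevel 6 && b9 --kerneltrace 4
}

# Step 4 (second half): re-authenticate and restore the levels given there.
stop_diag() {
    auth
    b9 --debuglevel 0
    b9 --kerneltrace 2
}

capture_path() {
    echo "$OUT_DIR/$(hostname)_$(date +%Y-%m-%d_%H-%M-%S).zip"
}

# Steps 2-4 in order; stop_diag runs on success, on failure and on Ctrl-C.
collect() {
    mkdir -p "$OUT_DIR" && cd "$OUT_DIR" || return 1
    trap 'stop_diag; exit 130' INT TERM
    start_diag && {
        printf 'Reproduce the issue, then press Enter to capture: ' >&2
        read -r _ || true
        b9 --capture "$(capture_path)"
    }
    rc=$?
    stop_diag
    trap - INT TERM
    return $rc
}

# Run with "--run". The password is still passed as an argument, as in the
# article's command; prompting only keeps it out of shell history.
if [ "${1:-}" = "--run" ]; then
    printf 'CLI or Global password: ' >&2
    read -rs B9_PASSWORD; echo >&2
    collect
fi
```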

Article Information
Creation Date: 08-21-2018