Environment
- App Control Agent: All Supported Versions
- macOS: All Supported Versions
- Linux: All Supported Versions
- Windows: All Supported Versions
Symptoms
- The Agent's cache.db file is more than 1GB in size
- Files that have been Approved in the past, are now being blocked
- Errors.bt9 file shows frequent and persistent messages similar to the below:
- Error[database disk image is malformed]
- Error[HandleCorruptDB: Warning: Agent database appears to be corrupt
- Error[ValidateConfigListFile Error[Magic mismatch[xxxx] Expected[yyyy]]]
- Error[CacheDatabase: Database did not pass integrity check]
- Cache_invalid.bt9 files located in the Agent Data directory.
- Events with subtype "Agent database error" may show in the Console.
Cause
The most common cause of Agent cache corruption is improper/hard shutdowns. Other reasons could include:
- Third party products injecting into the Agent/interfering with operations.
- Unsupported OS/Agent combination.
- Modifications to the OS or other critical files while the Agent is not running/disabled.
Resolution
- Verify the impacted machine is running a supported and compatible Agent version.
- Verify Agent Exclusions are added to any 3rd Party Software (Windows, macOS, Linux).
- Temporarily stop & unload the Agent (Windows, macOS, Linux).
- Delete all files with cache in the name from the relevant directory:
- Linux: /srv/bit9/data/
- macOS: /Library/Application Support/com.bit9.Agent/
- Windows: C:\ProgramData\Bit9\Parity Agent\
- Start the Agent
- Allow the Agent to fully Initialize again.
Additional Notes
- Initialization will occur after completing these steps, and will issue a new Local Approval to all files.
- If the machine is sensitive to degraded performance, or possible blocks, it is recommended to complete these steps outside peak usage.
- If this is happening on multiple machines consider using the Cache Integrity mode.
Related Content
