Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Performance Issues With VMs and Other Large Files on Agent 8.8 or Higher

App Control: Performance Issues With VMs and Other Large Files on Agent 8.8 or Higher


  • App Control Agent: 8.8.0 and Higher
  • App Control Console: All Supported Versions
  • Microsoft Windows: All Supported Versions


High resource usage or performance degradation due to parity.exe reading large files.


As of the 8.8.0 Agent, Yara scans now occur on large files. Performance issues may be encountered on large files (such as vmdk, vhd, etc) during this analysis.


Beginning with version 8.9.0 a new Agent Config (max_analysis_size_mb) is now available. This property will skip analysis until files over the specified size (in MiB) are executed.
  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php
  2. If one does not exist already, add a new Agent Config using the max_analysis_size_mb value to target the impacted endpoint, Policy, Platform, or combination of those options. Example:
    Name: Skip Large File Analysis Until Execution
    Host ID: 0
    Value: max_analysis_size_mb=VALUE
    Platform: Windows
    Status: Enabled
    Create For: Selected Policies > Virtual Machines
  3. If the issue persists, open a case with Carbon Black Technical Support.

Additional Notes

  • The premise of this configuration is that the impacted large files (e.g. .vhd, .bak, etc.) are generally not executed and analysis would be skipped.
  • Support for the max_analysis_size_mb Agent Config was introduced in the 8.9 Agent.
  • Agent 8.8 and earlier will not support this Agent Config until upgraded to a later version.
  • If necessary, follow the steps in this article to implement a Performance Optimization rule for the impacted files.

Related Content

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: