Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
Carbon Black Cloud Sensor causes a backup job to fail
Resolution
- Verify the integrity of the system:
- Verify the Application and System logs of the impacted systems are free of [Disk Failures, Device Disconnections / Time Outs, Performance Issues, Permission Issues]
- Verify system has appropriate amount of resources [CPU, Memory, Disk Space] as outlined by vendor
- For instance, MS DPM requires enough space for a full copy of a protected volume
- Put the sensor in bypass and attempt the same failed backup procedure:
- If the issue persists with the sensor in bypass then the sensor is likely not at fault
- The sensor can be removed to fully validate this.
Note : A reinstall of the sensor will incur background scan time penalties
- If the backup procedure was successful with sensor removed or in bypass:
- Verify the sensor is up-to-date and using the latest available sensor
- If you are running another AV or DLP application ensure exclusions have been created within those applications for Carbon Black Cloud Sensor
- Verify those AV or DLP applications have been excluded within your policy in the Carbon Black Cloud Console
- Create a separate test policy for the impacted systems and within this policy:
- Verify vendor recommended exclusions have been implemented for:
- Processes / Drivers
- Program file locations
- DB locations
- Log locations
- Network storage locations
- To avoid potential Ransomware alerts / blocks based on Canary file modification ensure exclusions for the backup process
- Evaluate disabling the following Carbon Black Cloud Settings in a stair-step approach based on your security posture: [Hash MD5, Scan Files On Network Drives, Scan Execute on Network Drives, Delay Execute For Cloud Scan]
Additional Notes
External Vendor Resources:
Related Content