CB PSC: Alert Notifications Delayed From A Single Machine

Environment

  • CB Defense PSC Sensor: 3.2.1.51 and higher
  • Microsoft Windows: All supported versions
  • macOS: All supported versions

Symptoms

Alert notifications delayed from a single machine while other machines within the environment are alerting without any delays.

Cause

There are several reasons why this could occur:
  1. The system did not have a network connection at the time of the event.
  2. The event occurred right before a system shutdown and before the sensor was able to finish uploading event data. 
  3. When running a background scan or a large backup job on a file server with thousands of files being scanned, some alerts may be slightly delayed as the event data is being processed.

Resolution

For systems that did not have a network connection, or whose events were not uploaded before the system was shut down:
  • Alert and collected event data will be uploaded to the console when connectivity has been restored and will require some processing time before alerts can be generated.
  • Checking the Event Time Line of the system in question will show a gap if the system was offline.

File servers are uniquely impacted by scanner settings, as the performance and duration of a scan are a function of processing power, file sizes and file counts.
  • Enabling Background Scan on file servers should be evaluated carefully.
  • On-Access File Scan can also be impacted by backup applications. We recommend evaluating a vendor's AV scanning guidelines.

Article Information
Creation Date: 09-09-2020