Environment
- CB Response Sensor: (All versions)
- Microsoft Windows: All Supported Versions
Symptoms
- Unusually slow bootup time on Windows endpoint
Cause
The AntiVirus software (such as Windows Defender) scans the CB Response Sensor directory, which consumes resources and causes delays in bootup.
Steps to confirm:
- Ensure the CB Response Sensor is installed
- Gather boot logs (requires a reboot)
- Open the captured boot log file
- Click the Tools menu > Process Activity Summary
- Click the CPU column to sort the entries
- Note the highest processes, which are likely to be AntiVirus software related (example: MsMpEng.exe is Windows Defender)
Resolution
- Configure the AntiVirus software to ignore the Cb Response Sensor directory (%WINDIR%\CarbonBlack\* by default)
- Configure the AntiVirus software to ignore the Cb Response Sensor Process (cb.exe)
Additional Notes
If the sensor process name was modified in the sensor groups page, please add the new process name to the exclusions list
Related Content