Environment
- Carbon Black Cloud Sensor: 3.4.0.1097 and Higher Versions.
- Microsoft Windows: All Supported Versions
Symptoms
Pagefile.sys is seen to increase in size when 3.5.0.X and Higher sensor is installed
Cause
The 3.5.0.X sensor has the identified issue of changing memory dump type from 'Automatic' to 'Complete' memory dump ().
Resolution
Option 1:
- Put the sensor into Bypass mode
- Edit C:\Program Files\Confer\cfg.ini file
- Add the following
ConfigureMemoryDumpSettings=0
- Change system dump settings to default (automatic memory dump)
- Go to Advanced System Settings > Advanced > Startup & Recovery >Settings > Write Debug Info
- Set to value to "Automatic"
- Click OK
- Reboot the endpoint to confirm memory dump settings are still set to automatic and that the disk space has been reclaimed.
Option 2:
- On install of sensor 3.5.0.1680 maintenance release or newer where the ability to configure this via a command line install is available.
msiexec /q /i C:\xxxxx\installer_vista_win7_win8- 32-3.5.0.xxxx.msi /L* log.txt COMPANY_CODE=XYZ AUTO_CONFIG_MEM_DUMP=0
Additional Notes
- If the memory dump is set to complete, the OS has to allocate enough space in the pagefile to store the entire contents of memory which is 1 x RAM plus 275 MB
Related Content
