Environment

• Carbon Black Protection
• All Versions

Question

Why do I see "kernel:don't care" events?

Answer

These messages are not normal and may be a sign that the agent is not in a healthy state and the file lost the original discovered file state.

1) First try to repair the cache by going to the Assets > Computers > Details page. On the right panel, select Perform Cache Consistency Check > Full scan for new files

2) If events continue, collect agent diagnostics during reproduction and create a support case for further review.
Cb Protection: Collecting agent logs remotely for troubleshooting - Windows

Additional Notes

The Kernel:Don't Care corresponds to an internal kernel operation with a value of 0 in the cache. These are operations that we don't need to process and a normal function of the product. These are not sent as an event normally, however if the original fileop type is lost due to cache corruption it could set back to 0 and send up an event.