Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Protection: What are Kernel:Don't Care messages?

Cb Protection: What are Kernel:Don't Care messages?

Environment

  • Carbon Black Protection
  • All Versions

Question

Why do I see "kernel:don't care" events?

Answer

These messages are not normal and may be a sign that the agent is not in a healthy state and the file lost the original discovered file state.

1) First try to repair the cache by going to the Assets > Computers > Details page. On the right panel, select Perform Cache Consistency Check > Full scan for new files

2) If events continue, collect agent diagnostics during reproduction and create a support case for further review.
Cb Protection: Collecting agent logs remotely for troubleshooting - Windows

Additional Notes

The Kernel:Don't Care corresponds to an internal kernel operation with a value of 0 in the cache. These are operations that we don't need to process and a normal function of the product. These are not sent as an event normally, however if the original fileop type is lost due to cache corruption it could set back to 0 and send up an event.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-19-2018
Views:
631
Contributors