Environment
- Carbon Black Protection
- All Versions
Question
Why do I see "kernel:don't care" events?
Answer
These messages are not normal and may be a sign that the agent is not in a healthy state and the file lost the original discovered file state.
1) First try to repair the cache by going to the Assets > Computers > Details page. On the right panel, select Perform Cache Consistency Check > Full scan for new files
2) If events continue, collect agent diagnostics during reproduction and create a support case for further review.
Cb Protection: Collecting agent logs remotely for troubleshooting - Windows
Additional Notes
The Kernel:Don't Care corresponds to an internal kernel operation with a value of 0 in the cache. These are operations that we don't need to process and a normal function of the product. These are not sent as an event normally, however if the original fileop type is lost due to cache corruption it could set back to 0 and send up an event.
