logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Alert Generated for Old Event

EDR: Alert Generated for Old Event

Environment

  • EDR Server: All Versions
  • EDR Sensor: All Versions

Symptoms

  • A new alert is generated for an old process
  • Event was never alerted on in the past

Cause

The sensor had not checked into the server since the event was originally recorded until recently

Resolution

This behavior is expected. 

Additional Notes

  • Event times are based on the local time of the endpoint. If the endpoint's clock is off, this will also occur
  • When a sensor goes offline, it will continue to collect data until a pre-configured size limit. Once that limit is reached, no further data will be collected until other information is offloaded to the EDR server upon checkin.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎02-28-2019
Views:
469
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.