
EDR: How to Add a Cron Job to Clear Up Old Binary Files

Environment

  • EDR Server: All versions

Objective

Create a cron job to clear out binary files older than a set date.

Resolution

  1. Edit /etc/cb/cron/cb.cron.template.
  2. Add the following above the last comment in the file, replacing XX with the number of days to keep:
         # Remove binary files older than XX days at 1am
         0 1 * * * root find /var/cb/data/modulestore -name "*.zip" -type f -mtime +XX -delete
  3. Save the file.
  4. Restart services for the change to take effect.
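
Before enabling the job, the same find expression can be run with -print instead of -delete to see how many files and how much disk space a given retention value would affect. The script below is an added example, not part of the original article or of Carbon Black's tooling; the script name, function names and usage are assumptions, and only the modulestore path and the find tests come from the steps above.

```shell
#!/bin/sh
# Added example: dry-run preview of the modulestore cleanup (deletes nothing).
# Usage: sh preview_cleanup.sh DAYS [DIR]   (script name is hypothetical)

STORE_DEFAULT=/var/cb/data/modulestore   # path from the article

# Print the files the cron job's find expression would match.
# Same tests as the cron line, with -print in place of -delete.
# Note: -mtime +N matches files last modified more than N full 24-hour periods ago.
preview_candidates() {
    dir=$1 days=$2
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number, got '$days'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -name "*.zip" -type f -mtime +"$days" -print
}

# Number of files that would be deleted (assumes no newlines in file names).
count_candidates() {
    list=$(preview_candidates "$1" "$2") || return $?
    [ -n "$list" ] || { echo 0; return 0; }
    printf '%s\n' "$list" | wc -l | tr -d ' '
}

# Approximate disk space, in KiB, that the deletion would free.
size_kb_candidates() {
    preview_candidates "$1" "$2" >/dev/null || return $?
    find "$1" -name "*.zip" -type f -mtime +"$2" -exec du -k {} + |
        awk '{ kb += $1 } END { print kb + 0 }'
}

# One-line summary for a retention value (DAYS first, then DIR).
report() {
    n=$(count_candidates "$2" "$1") || return $?
    kb=$(size_kb_candidates "$2" "$1") || return $?
    echo "retention=${1}d dir=$2 files_to_delete=$n approx_kib=$kb"
}

# Run only when DAYS is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-$STORE_DEFAULT}"
fi
```

Run it as root with the intended XX value. The literal placeholder XX is rejected, which catches a template that was saved without a number filled in.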

Additional Notes

  • Actions must be run as a root user or with sudo privileges
  • Binary metadata will still exist in the environment. 
  • Without intervention, binary files will never be removed from the server. 
  • Removing binary files can result in a situation where an endpoint has reported on a binary, but the file is not available. This happens when the binary had already been seen on the endpoint previously. Once a sensor reports on a binary, it will not try to upload the binary on subsequent interactions. The number of days (XX) should be set relatively high to reduce the likelihood of this edge case.

Creation Date: 11-05-2019