Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Sensor Debug Logs are Filling Up the Drive

EDR: Sensor Debug Logs are Filling Up the Drive


  • EDR Windows Sensor: 7.2.1 and 7.2.2


Disk space is filling up because of log files in C:\Windows\CarbonBlack\DebugLogs.


Certain events are logged frequently to the debug log files and this event is causing the logs to grow large. 


This issue was resolved with the release of Sensor version 7.3.0.

Additional Notes

  • The previous logs may need to be deleted to clear up the disk space as the upgrade to 7.3 won't delete the old logs
  • It is safe to delete the log files in C:\Windows\CarbonBlack\DebugLogs
  • Enable EDR Tamper Protection on 7.2.1 and higher Windows sensors, to stop the hooking of any A/V products to the sensor.
  • As a workaround, the Sensor can be prevented from writing debug log files by creating the following registry key in HKLM\Software\CarbonBlack\config 
    Type : REG_DWORD
    Name: DebugLevel
    Value: Default 0

Related Content

Labels (2)
Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Creation Date: