EDR: Sensor Debug Logs are Filling Up the Drive

Environment

  • EDR Windows Sensor: 7.2.1 and 7.2.2

Symptoms

Disk space is filling up because of log files in C:\Windows\CarbonBlack\DebugLogs.

Cause

Certain events are logged to the debug log files very frequently, which causes the logs to grow large.

Resolution

This issue was resolved with the release of Sensor version 7.3.0.

Additional Notes

  • The previous logs may need to be deleted to free up disk space, because the upgrade to 7.3 won't delete the old logs.
  • It is safe to delete the log files in C:\Windows\CarbonBlack\DebugLogs.
  • Enable EDR Tamper Protection on 7.2.1 and higher Windows sensors to stop the hooking of any A/V products to the sensor.
  • As a workaround, the Sensor can be prevented from writing debug log files by creating the following registry value under HKLM\Software\CarbonBlack\config:
    Type: REG_DWORD
    Name: DebugLevel
    Value: Default 0
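
The workaround and the log clean-up from the notes above, combined into one script. This is an added example, not code from the vendor. It assumes an elevated PowerShell session and reads the article's "Value: Default 0" as a DWORD of 0; the parameter names and the helper function are hypothetical. Run it with -WhatIf first to preview the changes.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Both paths are the ones given in the article.
    [string]$LogDir    = 'C:\Windows\CarbonBlack\DebugLogs',
    [string]$ConfigKey = 'HKLM:\Software\CarbonBlack\config',
    # Assumption: "Value: Default 0" in the article means DWORD 0.
    [int]$DebugLevel   = 0
)

# Hypothetical helper: total size of the files directly in a folder, in MB.
function Get-DirSizeMB([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    $sum = (Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
            Measure-Object -Property Length -Sum).Sum
    [math]::Round(($sum / 1MB), 1)
}

$before = Get-DirSizeMB $LogDir
Write-Host "DebugLogs size before: $before MB"

# 1. Workaround: create (or overwrite) the DebugLevel value.
#    Stop if the config key is missing rather than creating it, because a
#    missing key suggests the sensor is not installed on this host.
if (-not (Test-Path -LiteralPath $ConfigKey)) {
    throw "Registry key not found: $ConfigKey"
}
New-ItemProperty -Path $ConfigKey -Name 'DebugLevel' -PropertyType DWord `
    -Value $DebugLevel -Force | Out-Null

# 2. Clean-up: the upgrade does not remove old logs, so delete them here.
#    A file that cannot be removed (for example, one still held open) is
#    recorded and skipped instead of aborting the run.
$failed = @()
foreach ($f in Get-ChildItem -LiteralPath $LogDir -File -Force -ErrorAction SilentlyContinue) {
    try   { Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop }
    catch { $failed += $f.Name }
}

$after = Get-DirSizeMB $LogDir
Write-Host "DebugLogs size after:  $after MB"
Write-Host ("DebugLevel now:        {0}" -f `
    (Get-ItemProperty -Path $ConfigKey -Name 'DebugLevel' -ErrorAction SilentlyContinue).DebugLevel)
if ($failed.Count -gt 0) {
    Write-Warning ("Could not delete: {0}" -f ($failed -join ', '))
}
```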

Creation Date: 09-01-2021