logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Sensor reporting event loss

EDR: Sensor reporting event loss

Environment

  • EDR(Formerly Carbon Black Response) Sensor: 7.2.0 and below
  • Microsoft Windows: All Supported Versions

Symptoms

Sensor heath score reports High and Excessive event loss

Cause

we can see the sensor version 7.1.1 is taking 3 hours to recover:

Tid[1748] 2021-09-01 12:51:16 (i): Kernel event loss health score changed! New status: Excessive event loss; Old score: 0; New score: -50
Tid[1748] 2021-09-01 12:51:16 (i): Overall health score changed! New status: Excessive event loss; Old score: 100; New score: 50
...
Tid[1748] 2021-09-01 15:52:21 (i): Kernel event loss health score changed! New status: Healthy; Old score: -50; New score: 0
Tid[1748] 2021-09-01 15:52:21 (i): Overall health score changed! New status: Healthy; Old score: 50; New score: 100


Resolution

Upgrade to 7.2.2 Windows Sensor.
 

Additional Notes

Fixed in 7.2.1 sensor version, but it is no longer support as 7.2.2 sensor release.
 

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎10-18-2021
Views:
681
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.