Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Enterprise EDR: File Transfer Slowness copying large numbers of files to/from Network Share

Enterprise EDR: File Transfer Slowness copying large numbers of files to/from Network Share

Environment

  • Enterprise EDR (was CB ThreatHunter)
  • Carbon Black Cloud Sensor: 3.4.x to 3.6.0.1941
  • Microsoft Windows: All Supported Versions

Symptoms

  • Network slowness is observed when large numbers of files (1000+) are copied to/from a network share.
  • If one or two large files are copied from/to a network share, the issue wont be observed

Cause

This issue was due to a defect found in the product

Resolution

  1. Upgrade sensor to version 3.6.0.1979
  2. Add the following to the cfg.ini using the instructions provided in KB
    SkipNetworkNonExecuteOps=1
    AreIntermediateNamesOkForAllNetworkFiles=1
  3. If the above change to the cfg.ini resolves the issue, this change can be enabled for default for all sensors running version 3.6.0.1979 upon request by Opening a Support Case

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-19-2022
Views:
316
Contributors