logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Excessive events during Sophos (Windows) definition update

Excessive events during Sophos (Windows) definition update

Version
ALL

Issue
Sophos updates are causing the Parity Agent to send many events to the Parity server for files that have not changed during the update. This adjustment should be made with any customer running Sophos in a "high volume" situation (such as updates occurring every 5 minutes, or large numbers of Parity Agents).

Symptoms
An excessive amount of events are generated due to Sophos updates.  Some environments have seen upwards of 7-9 million events generated.

Cause
Internal Bit9 property must be updated to properly update Sophos.

Solution
An internal server setting needs to be adjusted. Please contact Bit9 Support citing this solution number (309) for assistance.


Internal Note(s):
https://community.bit9.com/docs/DOC-3681

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
jnaiga
Creation Date:
‎12-17-2015
Views:
1021
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.