This metric records GDI handles usage from the Carbon Black EDR Windows sensor service. GDI handles are used in module extraction only.

Cause

Carbon Black EDR sensor service GDI handle usage is above normal values.

Severity Scale

GDI handles

Health score

Message

> 100

-5

High GDI handle count

> 500

-10

Very high GDI handle count

> 1000

-20

Excessive GDI handle count

Remediation

Analyze event collection to see if a specific event type is generating an excessive count. If these are non-binary file writes, this collection type can be often be turned off. See https://community.carbonblack.com/t5/Knowledge-Base/Turning-off-event-collection-of-Non-Binary-file-writes/ta-p/45819.