This topic describes Carbon Black EDR Windows sensor event loads.
Cause
The number of outstanding raw kernel events to be processed has exceeded a threshold.
Note: Netconn events are handled in a separate driver.
Impact
Data collection/usability.
Severity Scale
| Event queue depth |
Health score |
Message |
|---|---|---|
| > 512 |
-5 |
Elevated event load |
| >1024 |
-10 |
High event load |
| > 4096 |
-25 |
Excessive event load |
Remediation
Analyze event collection to determine what is generating the event load. Consider disabling event collection on certain event types.
