It feels like only yesterday I was complaining about SentinelOne trying to take the crown for shittiest security software. Afraid they may be dethroned, CrowdStrike hit back and hit back hard!
It started off with a report that Erik loves some big memory grants and cannot lie. One of the worst monitoring tools for SQL Server was involved so you know it’s a 50% gamble if your server hasn’t already been compromised or you can find anything in your errorlog, even after being told for the last 6 years about a trace flag that has been removed since the year 2000. Cutting this diatribe short, the bug report was closed out because… CrowdStrike screwed you over.
Shocked, I know! Who could have seen this coming? Not me, not this guy. /s
The point is, as I’ve stated so many times before, that this kind of software digs itself into the kernel and inserts tendrils where it ought not, which causes all kinds of self-inflicted issues and downtime. But hey, your CISO is happy, because if the server is down, those pesky adversaries can’t get to it!
My personal favorite from that so-called monitoring software is receiving sev-1 incidents for “long running jobs” in SQL Server Agent. Or for job steps that fail and are handled by design in other steps being reported as a sev-1 incident. If I never see that pile of rubble again it will be too soon.