This hotfix resolves the following issues:

• Excessive memory used by the SISIDSService on Windows Domain Controllers.
• High CPU usage by SISDSService on busy Windows Domain Controllers.
• The IDS EventLog collector does not shutdown properly.  

• When viewed from the Task Manager, the SISIDSService memory utilization increased gradually over time without a limit.
• High CPU usage by SIDSService on busy Windows Domain Controllers.
• The IDS EventLog collector would not shutdown from the Service Control Manager and had to be force killed from Task Manager.

This hotfix includes:

A maximum size limit is set for the SISIDSService cache. Also, a Least Recently Used (LRU) mechanism is added to pick the element that needs to be removed from the cache once the cache reaches its maximum size limit.

Performance improvements to prevent high CPU utilization

The IDS EventLog collector now checks for shutdown notification after processing each event log record. If it finds a shutdown notification, it aborts further record processing and shut down itself.

Applies To

Affected Operating System: Windows operating systems

Symantec Critical System Protection version: 5.2.0 and newer