The ProxySG appliance experiences high CPU usage. This occurs due to a large volume of web requests sent from Google Chrome's Autofill Download Manager component.
The appliance's CPU Monitor reports high CPU utilization in SSL and Cryptography and Policy evaluation - HTTP.
The high CPU usage is caused by Google Chrome sending a large volume of web request traffic to https://clients1.google.com/tbproxy/af/query?client=Google Chrome. If you stop Chrome from accessing the URL, the CPU utilization goes down.
The specific POST request URL is sent by Google Chrome's Autofill Download Manager component as seen in the source code file ("autofill_download_manager.cc") available at:
https://cs.chromium.org/chromium/src/components/autofill/core/browser/autofill_download_manager.cc?q=tbproxy&sq=package:chromium&l=88
To determine if there is a large volume of requests in the network causing continuous policy evaluations, leverage Blue Coat Reporter. The following Reporter reports can be helpful for diagnosing the issue:
Additionally, the Blocked web browsing per user and Default Bandwidth reports are useful.
After reviewing the access logs, if you see significant SSL traffic to https://clients1.google.com/tbproxy/af/query?client=Google%20Chrome, you can apply a policy to disable SSL interception or deny access to the URL.
Disable SSL Interception by url.domain:
<ssl-intercept>
url.domain=clients1.google.com ssl.forward_proxy(no)
<proxy>
url.domain=clients1.google.com detect_protocol(none)
This requires SSL Interception to be enabled to block the URL query path.
<proxy>
DENY url.domain=clients1.google.com url.substring="tbproxy/af"