ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Performance issue on Linux with CWP AntiMalware AutoProtect

book

Article ID: 172962

calendar_today

Updated On:

Products

Cloud Workload Protection

Issue/Introduction

There was an issue found in the Cloud Workload Protection (CWP) AntiMalware AutoProtect module that would cause performance degradation and potential hangs on a Linux system while processing scanning of real-time file activity on a system. 

Cause

Performance: The performance issue was from a component used by the AutoProtect module (sisevt module) which was using a mutex with interrupts disabled while handling certain system calls, this had the potential to impact system performance on larger/multi-threaded systems and applications.  This mutex was unnecessary for today's operation and was removed. The removal of this mutex resulted in a noticeable performance increase.

System Lock-ups:  Hung processes waiting for scan results could result in system lock-up and potentially a panic of a system.  A problem was found in synchronization of the mutex associated with scanned objects that could result in waiting users/process from not being woken upon scan completion.  

 

Environment

CWP Linux agent prior to 6.7.4.482

Resolution

Workarounds:  Disable AutoProtect feature or upgrade to latest CWP kmod package (6.7.4.481 or 6.7.5.*). 

To disable AutoProtect on a system, run:

# su - sisips -c “./sisipsconfig.sh -amd off”
# service sisamddaemon restart

-or-

# systemctl restart sisamddaemon

 

To update to the latest kernel module package to sdcss-kmod-6.7.4.481 or later, run:

RPM based systems (i.e. Amazon Linux, RHEL7, etc)
# yum update sdcss-kmod

Debian based package system (i.e. ubuntu 14, 16, etc)
# apt-get update;  apt-get install sdcss-kmod