Performance issue on Linux with CWP AntiMalware AutoProtect


Article ID: 172962


Updated On:


Cloud Workload Protection


An issue was found in the Cloud Workload Protection (CWP) AntiMalware AutoProtect module that could cause performance degradation and potential hangs on a Linux system while the module scans real-time file activity.


CWP Linux agent prior to


Performance: The performance issue came from a component used by the AutoProtect module (the sisevt module), which was using a mutex with interrupts disabled while handling certain system calls. This had the potential to impact system performance on larger/multi-threaded systems and applications. The mutex was unnecessary for today's operation and was removed, which resulted in a noticeable performance increase.

System Lock-ups: Hung processes waiting for scan results could result in a system lock-up and potentially a system panic. A problem was found in the synchronization of the mutex associated with scanned objects that could result in waiting users/processes not being woken upon scan completion.
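
The lock-up described above is a missed wakeup. As an added illustration (a user-space pthreads analogue written for this page, not the sisevt module's code, whose details the article does not give), the following replays one common way a waiter misses a completion and the pattern that prevents it. All names (`scan_obj`, `wait_flawed`, `wait_correct`, `replay`) are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <time.h>

/* Hypothetical stand-in for an object whose scan verdict callers wait on. */
struct scan_obj { pthread_mutex_t lock; pthread_cond_t cv; bool done; };

/* Scanner side: publish the verdict and wake waiters under the object lock. */
static void scan_complete(struct scan_obj *o) {
    pthread_mutex_lock(&o->lock);
    o->done = true;
    pthread_cond_broadcast(&o->cv);
    pthread_mutex_unlock(&o->lock);
}

/* Flawed waiter: trusts a 'done' value sampled before it took the lock, so a
 * completion landing in that window is never seen. ETIMEDOUT = stuck waiter
 * (a real waiter without a timeout would sleep forever). */
static int wait_flawed(struct scan_obj *o, bool sampled_done) {
    if (sampled_done) return 0;
    struct timespec ts = { .tv_sec = time(NULL) + 2 };  /* absolute deadline */
    pthread_mutex_lock(&o->lock);
    int rc = pthread_cond_timedwait(&o->cv, &o->lock, &ts);
    pthread_mutex_unlock(&o->lock);
    return rc;
}

/* Correct waiter: re-tests the predicate under the lock before every sleep. */
static int wait_correct(struct scan_obj *o) {
    struct timespec ts = { .tv_sec = time(NULL) + 2 };
    int rc = 0;
    pthread_mutex_lock(&o->lock);
    while (!o->done && rc != ETIMEDOUT)
        rc = pthread_cond_timedwait(&o->cv, &o->lock, &ts);
    rc = o->done ? 0 : ETIMEDOUT;
    pthread_mutex_unlock(&o->lock);
    return rc;
}

/* Replays one interleaving: waiter samples, scan completes, waiter sleeps. */
int replay(bool flawed) {
    struct scan_obj o = { .lock = PTHREAD_MUTEX_INITIALIZER,
                          .cv = PTHREAD_COND_INITIALIZER, .done = false };
    bool sampled = o.done;   /* waiter's unlocked check: not done yet */
    scan_complete(&o);       /* completion arrives before the waiter sleeps */
    return flawed ? wait_flawed(&o, sampled) : wait_correct(&o);
}
```

`replay(true)` returns `ETIMEDOUT` because the broadcast was issued before the waiter slept; `replay(false)` returns 0 because the predicate is re-read under the lock.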



Workarounds: Disable the AutoProtect feature or upgrade to the latest CWP kmod package ( or 6.7.5.*).

To disable AutoProtect on a system, run:

# su - sisips -c "./ -amd off"
# service sisamddaemon restart


# systemctl restart sisamddaemon


To update the kernel module package to sdcss-kmod- or later, run:

RPM-based systems (e.g. Amazon Linux, RHEL7, etc.)
# yum update sdcss-kmod

Debian-based systems (e.g. Ubuntu 14, 16, etc.)
# apt-get update; apt-get install sdcss-kmod