CPU Usage High on Endpoint Servers.
search cancel

CPU Usage High on Endpoint Servers.


Article ID: 233523


Updated On:


Data Loss Prevention Endpoint Prevent


Intermittent high CPU use on endpoint servers. 


Release :

Component :


When changes are made to policies or configurations these settings need to be sent down to endpoint agents. Policies in particular can result in a large amount of policy traffic. 


Search server Aggregator logs for 'Communication Statistics:' This will provide the amount of traffic observed for various agent replicators, each corresponding to a unique agent function.  Identify replicators with an abnormally high number of bytes transferred. 

See the below chart for common causes for CPU spikes:

Replicator Description Remediation
PolicyMatrix 'New' Agent policy downloads. All  agents connecting  to a new Endpoint Server will be seen as 'new' agents and require all new data sent. On new Endpoint Servers, you can expect higher than average CPU/Network usage the first week a new Endpoint Server is deployed. 
AgentAttributes Agent AD attributes used for sorting into agent groups.  Attempt to use as narrow as possible AD queries for agent group attributes.  For instance, if users are typically in many AD groups, avoid using wide breadth agent attributes such as 'MemberOf'
PolicyMatrixDeltas Policy changes for existing agents.  When a policy is changed the differences compared to the previous policy set are transferred to agents, avoid modifying several policies at once.