CPU Usage High on Endpoint Servers.
Article ID: 233523
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
Intermittent high CPU use on endpoint servers.
Environment
Release :
Component :
Cause
When changes are made to policies or configurations these settings need to be sent down to endpoint agents. Policies in particular can result in a large amount of traffic.
Resolution
Search server Aggregator logs for 'Communication Statistics:' This will provide the amount of traffic observed for various agent replicators, each corresponding to a unique agent function. Identify replicators with an abnormally high number of bytes transferred.
Or try reverting last policy changes.
See the below chart for common causes for CPU spikes:
| Replicator | Description | Remediation |
| PolicyMatrix | 'New' Agent policy downloads. | All agents connecting to a new Endpoint Server will be seen as 'new' agents and require all new data sent. On new Endpoint Servers, you can expect higher than average CPU/Network usage the first week a new Endpoint Server is deployed. |
| AgentAttributes | Agent AD attributes used for sorting into agent groups. | Attempt to use as narrow as possible AD queries for agent group attributes. For instance, if users are typically in many AD groups, avoid using wide breadth agent attributes such as 'MemberOf' |
| PolicyMatrixDeltas | Policy changes for existing agents. | When a policy is changed the differences compared to the previous policy set are transferred to agents, avoid modifying several policies at once. |
Feedback
Yes
No
Powered by
