ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

sisamddaemon consumes a large amount of CPU and memory when logging into a system with EDR enabled.


Article ID: 238337


Updated On:


Endpoint Security Complete Endpoint Detection and Response


You notice when logging into a linux system that sisamddaemon uses a large amount of CPU and memory resources.   

The memory usage will continue to increase until OOM killer eventually kills the process.


Mar  4 13:46:24 sepclient01 kernel: Out of memory: Killed process 114761 (sisamddaemon) total-vm:18100244kB, anon-rss:7493384kB, file-rss:0kB, shmem-rss:4924kB, UID:0 pgtables:31148kB oom_score_adj:0         

The issue can be reproduced on any ssh login attempt. The issue does not happen if you disable EDR. 


Release : 14.3.2147.4000

Component : EDR


This issue is resolved with the latest definitions which include SEF engine version  To check the engine version, run the following command:

/opt/Symantec/sdcssagent/AMD/tools/sav info -e

An additional memory optimization fix is also available in product version 14.3.2167.4000.  

Additional Information