High CPU usage due to failed SEP Linux agent exclusions
search cancel

High CPU usage due to failed SEP Linux agent exclusions

book

Article ID: 250717

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Despite entering appropriate exclusions in the ICDm Allow List policy, sisamddaemon utilizes a high CPU% on Linux servers where SEP (Symantec Endpoint Protection) Linux agent is installed.

Environment

Release : SEP/SES 14.3 RU1 - 14.3 RU5 

Component :  

Cause

When creating Linux exclusions in the Allow List policy in the ICDm, there are options to utilize Prefix variables (ROOT, HOME, BIN, ETC, USR, OPT).  If any of these prefix variable are used for Linux exclusions, the result will be an invalid exclusion when the SES client attempts to process the exclusion list.  

Resolution

Until this issue is fixed, prefix variables should not be utilized for Linux path exclusions.

Workaround:  Instead of using the provided prefix variables, choose [NONE] for the prefix and enter the full path for the exclusion.

 

Example:

 

 

 

Additional Information

SEPLINUX-1552

Powered by Wolken Software