Experiencing cpu spike on sisamddaemon  when scheduled scanning.
search cancel

Experiencing cpu spike on sisamddaemon  when scheduled scanning.

book

Article ID: 270987

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You notice a CPU spike on sisamddaemon during antimalware scheduled scans and it affects your endpoints overall performance. Increased CPU usage is considered normal during antimalware scans as the agent needs CPU to scan the files on your endpoint. However, there are few areas where you could improve the performance.

 

Environment

SEP Linux agent 14.3 RU5 or earlier

Resolution

1. Upgrade your Linux agent to 14.3 RU6 or later.  The SEP 14.3 RU6 agent came with improvements to scanning performance and will decrease the CPU spike experienced while scanning. Use the repackage tool for latest build:
https://linux-repo.us.securitycloud.symantec.com/seplpkg/index.html

2. Disable scanning inside container files and increase the number of threads allocated to scanning. Note that increasing the number of threads will not lower the overall CPU consumption, but it will help in balancing the load on more threads. 

Stop the AMD service:  

service sisamddaemon stop

Edit /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini
and  /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini.1

Set scanner.max.container.depth to 0:

scanner.max.container.depth=0

Change the value of amdmanagement.ondemand.scan.threads from 4 up to 16:

amdmanagement.ondemand.scan.threads=4

Start the AMD service:

service sisamddaemon start

3. Try narrowing down your scanning target by excluding directories.

4. Increase performance by adding more CPU power/cores.