Long periods of high CPU usage by number of Microsoft Exchange processes (e.g. msexchangerepl.exe) that are causing performance bottlenecks and can lead to temporary service disruptions.

• App Control Agent: All Supported Versions
• Microsoft Exchange Server: All Supported Versions

During high CPU utilization the Agent driver (Parity.sys) is spending too much time holding up the Exchange processes in kernel mode while evaluating file operations against existing rules.

Step One: Verify Agent Configuration

1. Log in to the Console and navigate to Rules > Software Rules > Rapid Configs > Microsoft Exchange Server.
2. Verify the Rapid Config is Enabled and applied to all relevant Policies.
3. Reduce the number of Custom rules active on the Exchange Servers:
   • Isolate the Exchange Servers in a separate Policy
   • Ensure that Custom Rules meant for Desktop systems are not applied to the Exchange Server Policy
4. Upgrade to the latest version of the Agent to eliminate any potential performance enhancements or bug fixes.
5. Verify the Agent's Antivirus Exclusions are in any other security product.
6. Attempt to recreate the performance issue.

Step Two: Kernel Exclusions

If the issue persists, consider implementing the Kernel Exclusions as recommended by Microsoft:

1. Log in to the Console and navigate to https://ServerAddress/agent_config.php
2. Click Add Agent Config and use the following values:
   • Name: Exchange Process Exclusions (or something memorable)
   • Host ID: 0
   • Value:

     kernelProcessExclusions=*\program files\microsoft\exchange server\v*\Microsoft.Exchange.*.exe:4194303,*\program files\microsoft\exchange server\v*\MSExchange*.exe:8388607,*\program files\microsoft\exchange server\v*\edgetransport.exe:8388607,*\program files\microsoft\exchange server\v*\hostcontrollerservice.exe:8388607,*\program files\microsoft\exchange server\v*\noderunner.exe:8388607
     

   • Platform: Windows
   • Status: Enabled
   • Create For: Select only the relevant Exchange Server Policy
3. Save, and add another Agent Config:
   • Name: Exchange FileOp Exclusions (or something memorable)
   • Host ID: 0
   • Value:

     kernelFileOpExclusions=*.log:4194303,*.jsl:4194303,*.edb:4194303 

   • Platform: Windows
   • Status: Enabled
   • Create For: Select only the relevant Exchange Server Policy
4. Save the Agent Config and verify the relevant Agents show as Connected & Up to Date.
5. Attempt to recreate the performance issue.

If the issue persists, capture the Agent Performance Logs with a Standard Procmon Capture and open a case with Support.

• Not every Exchange server will experience performance issues, or require the Kernel Exclusions.
• If the issue persists after Step One, but Kernel Exclusions are not desired capture the requested logs and open a case with Support.