Identifying Potential Performance Optimization Rules From Procmon

Article ID: 286717

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Identify potential processes and paths that may help improve Agent performance with a Performance Optimization (PO) Rule.

Environment

  • App Control: All Supported Versions
  • Windows: All Supported Versions

Resolution

  1. Capture the ProcMon logs by following these steps.
  2. In the resulting capture, go to Tools > File Summary > By Path, then sort the columns by Writes.
    • Note the Paths with the most writes, as these may identify Specific Paths to use in the PO Rule.
    • Double-click the Path with the most writes to filter by Path and determine the Process(es) writing there.
  3. To identify the Process Path, double-click the Process Name > click the Process tab > copy the Path value.
  4. Use the resulting File Path(s) and Process(es) to create a PO Rule accordingly.
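
An added example, not part of the original article or Carbon Black's tooling: the same ranking done offline on a capture saved from Procmon in CSV format with the default columns. It goes beyond the File Summary view by grouping writes per directory and process, and it lists written files whose extension suggests they are expected to execute, which a PO Rule should never cover. The extension list and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from ntpath import dirname, splitext  # Windows path rules on any OS

# Assumption: extensions treated as "expected to execute"; adjust to your policy.
EXEC_EXT = {".exe", ".dll", ".sys", ".msi", ".ps1", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample rows in Procmon's default CSV column layout.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:00.0000001","sqlservr.exe","2100","WriteFile","D:\Data\app.ldf","SUCCESS","Offset: 0, Length: 4,096"
"10:00:00.0000002","sqlservr.exe","2100","WriteFile","D:\Data\app.ldf","SUCCESS","Offset: 4,096, Length: 4,096"
"10:00:00.0000003","sqlservr.exe","2100","WriteFile","D:\Data\app.mdf","SUCCESS","Offset: 0, Length: 8,192"
"10:00:00.0000004","sqlservr.exe","2100","ReadFile","D:\Data\app.mdf","SUCCESS","Offset: 0, Length: 8,192"
"10:00:00.0000005","updater.exe","3300","WriteFile","C:\ProgramData\Vendor\bin\agent.dll","SUCCESS","Offset: 0, Length: 512"
"10:00:00.0000006","updater.exe","3300","WriteFile","C:\ProgramData\Vendor\bin\helper.exe","SUCCESS","Offset: 0, Length: 512"
"10:00:00.0000007","logsvc.exe","4400","WriteFile","C:\Logs\svc.log","SUCCESS","Offset: 0, Length: 128"'''


def po_rule_candidates(csv_text, top=5):
    """Rank (directory, process) pairs by WriteFile count in a Procmon CSV export."""
    writes = Counter()
    exec_targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "WriteFile":
            continue
        path = row["Path"]
        key = (dirname(path).lower(), row["Process Name"].lower())
        writes[key] += 1
        # Written files that look executable make the pair a poor PO Rule fit.
        if splitext(path)[1].lower() in EXEC_EXT:
            exec_targets[key].add(path)
    return [
        {"directory": d, "process": p, "writes": n,
         "executable_targets": sorted(exec_targets[(d, p)])}
        for (d, p), n in writes.most_common(top)
    ]


if __name__ == "__main__":
    # For a real capture: open(path, encoding="utf-8-sig", newline="").read()
    for c in po_rule_candidates(SAMPLE):
        flag = "REVIEW: writes executables" if c["executable_targets"] else "candidate"
        print(f'{c["writes"]:>6}  {c["process"]:<14} {c["directory"]}  [{flag}]')
```

On the sample, `D:\Data` written by `sqlservr.exe` ranks first as a clean candidate, while the `updater.exe` directory is flagged for review because the files written there are a DLL and an EXE.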

Additional Information

  • There is no guarantee this will alleviate all performance issues, but it provides a starting point.
  • A PO Rule only ignores Reads, Writes, Creates and Renames, not the execution of an application.
  • A PO Rule should never be used with files that are expected to execute, as this will negatively impact performance and cause unexpected blocks.
  • A support case with the full Agent Performance Logs may be necessary.