Consistent high memory usage on a Symantec Content Analysis System (CAS) at 90% can be attributed to several factors.

CAS/ISG-CAS

1. High Traffic Volume (Load)

• If the CAS is processing a high volume of traffic, especially if there are many concurrent users or a large number of files being scanned, it can lead to high memory usage.

2. Large File Scanning

• Scanning large files or complex archives that require extensive unpacking and inspection can consume significant memory resources.

3. Detailed Scan Policies

• Aggressive or detailed scanning policies that require deep content inspection can lead to higher memory usage.

4. Multiple Security Services Enabled

• Enabling multiple security services such as anti-malware, sandboxing, and content filtering simultaneously can increase memory demands.

5. Software Bugs or Memory Leaks

• Bugs or memory leaks in the CAS software can cause memory usage to grow over time without releasing it back to the system.

6. Configuration Issues

• Misconfigurations or suboptimal settings can cause the system to use more memory than necessary.

7. Insufficient Hardware Resources

• The hardware might be under-provisioned for the current load, leading to resource exhaustion.

8. Background Processes

• Background processes such as logs aggregation, reporting, or scheduled tasks could be consuming memory.

9. External Integrations

• Integrations with other security products or network components might be placing additional load on the CAS.

Consistent high memory usage on a Symantec Content Analysis System (CAS) at 90% can be attributed to several factors. Below are some common causes and potential steps for troubleshooting:

1. High Traffic Volume (Load)

• Monitor traffic patterns and volume. Consider load balancing if applicable. Also, ensure the ICAP Best Practice is implemented, and efficiently so.

2. Large File Scanning

• Check if large files or archives are being frequently scanned. Adjust file size limits or scan policies if necessary.

3. Detailed Scan Policies

• Review and optimize scan policies. Reduce the level of inspection for less critical traffic.

4. Multiple Security Services Enabled

• Evaluate the necessity of each service and disable any that are not required or consider optimizing their configuration.

5. Software Bugs or Memory Leaks

• Ensure the CAS is running the latest firmware and software versions. We recommend having CAS 3.1.7.0 installed and running.

6. Configuration Issues

• Review system configuration settings, such as cache sizes and timeout settings, and adjust them according to best practices.

7. Insufficient Hardware Resources

• Evaluate if the hardware meets the recommended specifications for the workload. Consider upgrading the hardware or scaling out to additional CAS devices.

8. Background Processes

• Monitor and manage background processes. Schedule intensive tasks during off-peak hours if possible.

9. External Integrations

• Review the integrations and ensure they are optimized. Limit unnecessary integrations or streamline their interactions with the CAS.

Troubleshooting Steps

1. Monitor System Resources: Use the CAS's built-in monitoring tools to track memory usage over time and identify patterns or spikes.
2. Analyze Logs: Review system and application logs for errors or warnings that might indicate problems.
3. Update Software: Ensure the CAS software is up-to-date with the latest patches and updates.
4. Adjust Policies: Optimize scanning and security policies to balance security needs with resource utilization.
5. Increase Resources: If feasible, add more memory or scale out the infrastructure to handle the load better.

By systematically addressing these potential causes, you can identify the root cause of the high memory usage and implement appropriate solutions to mitigate it. If the issue persists, contacting Symantec/Broadcom support for further assistance might be necessary.