The User Access Logging Service (UALSVC) consumes increasing amounts of RAM on Servers
search cancel

The User Access Logging Service (UALSVC) consumes increasing amounts of RAM on Servers

book

Article ID: 235912

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After a 14.3.x Symantec Endpoint Protection (SEP) client upgrade, the svchost.exe process hosting the User Access Logging Service (UALSVC) consumes a high amount of memory. Servers may become unresponsive, and event ID 2004 Resource Exhaustion Detector events may be seen. You would like to know if this issue is caused by Symantec Endpoint Protection.

Environment

Windows server 2012-2022

Cause

The Windows Server versions 2012r2 through 2022 have a service that logs user access.  There is an issue with this service that causes a memory leak and the server may stop responding after a while.

Resolution

This is a confirmed Memory Leak by Microsoft. Please reach out to Microsoft for additional support.

Workarounds: