Troubleshooting high CPU / Memory use by sisamddaemon and Auto-Protect enabled
search cancel

Troubleshooting high CPU / Memory use by sisamddaemon and Auto-Protect enabled

book

Article ID: 237314

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security Complete Data Center Security Server Advanced

Issue/Introduction

When looking at resource utilization of Symantec Endpoint Protection (SEP) Linux Agent or Symantec Datacenter Security Agent, you notice that sisamddaemon is using a large amount of CPU or memory resources.  The issue goes away when Auto-Protect scanning is disabled.  (/opt/Symantec/sdcssagent/AMD/tools/sav autoprotect -d) 

Environment

Symantec Linux Agent (14.3 RU1 or later)
Symantec DCS Agent (6.9.x)

Cause

By default, Auto-Protect will scan any file that is accessed or modified.  On busy servers, this activity can cause high CPU / Memory usage when installed applications have heavy disk utilization. 

Resolution

To resolve the issue, you can make exclusions for known good software and files that are frequently accessed.  You can determine which files Auto-Protect is scanning by monitoring scan activity for 10 minutes. To do this:

1. Login as root account or equivalent (who allow to become root or to run sudo)
2. Run following command (root can run a command as sisips uid without password)

su - sisips -c "./sisipsconfig.sh -approfile 10"  

=> this will start profiling the Auto-Protect scan activity for 10 minutes.

3. If high CPU usage is seen, note the time.
4. Collect and check the following log for what AP scanned at that time and make appropriate exclusions.
/var/log/sdcsslog/amdlog/profile.log

Note: Only files marked as 'Completed' in the profile log were actually scanned.  Excluded files will show in the profile log, but should not show as 'Completed'. If they do, exclusions should be verified.
          To proceed with the exceptions , check the KB "Creating exceptions for Linux platform "