System resource utilization changes in the 8.8.x agent
Environment
App Control Linux Agent: 8.8.4 and Higher
Cause
The 8.8.4 agent's architecture was redesigned to use an open-source kernel module that enables quicker certification of minor or major OS updates.
Resolution
CPU
Previously, in the 8.7.x agent, a closed-source kernel module was used for rules engine processing.
Because of this, the kernel module's CPU utilization was hidden from tools such as "top" and did not show as part of the b9daemon.
In 8.8.x, all kernel processing has been moved to user mode and is done by the b9daemon, which results in higher CPU utilization being reported for the b9daemon.
The "hidden" CPU utilization by the 8.7.x kernel module is now visible to tools like "top" as part of the b9daemon.
Internal testing has shown that the overall system CPU utilization with the 8.8.x agent is equal to or better than it was with an 8.7.x agent.
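To compare agent versions on equal terms, measure whole-system CPU as well as the share attributed to the b9daemon over the same interval. The script below is an added example, not vendor code; the function names and the snapshot values are constructed, and the inputs follow the standard Linux /proc/stat and /proc/<pid>/stat layouts.

```shell
#!/bin/sh
# Added example. Inputs: the aggregate "cpu" line of /proc/stat and the
# content of /proc/<pid>/stat, each captured twice (t0, t1), e.g.
#   head -n 1 /proc/stat ; cat /proc/<b9daemon pid>/stat

# Total jiffies in one "cpu" line (user..steal; guest is already in user).
cpu_total() {
    printf '%s\n' "$1" | awk '{ for (i = 2; i <= 9; i++) s += $i; printf "%.0f\n", s }'
}

# Whole-system busy % between two "cpu" lines; kernel time is included,
# so module work that no process shows is still counted here.
cpu_busy_pct() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        { tot = 0; for (i = 2; i <= 9; i++) tot += $i
          t[NR] = tot; idle[NR] = $5 + $6 }            # idle + iowait
        END { dt = t[2] - t[1]
              if (dt <= 0) { print "0.0"; exit }
              printf "%.1f\n", 100 * (dt - (idle[2] - idle[1])) / dt }'
}

# utime + stime from one /proc/<pid>/stat line. Everything up to the last
# ") " is dropped first, so a process name with spaces cannot shift fields.
proc_ticks() {
    printf '%s\n' "$1" | sed 's/^.*) //' | awk '{ printf "%.0f\n", $12 + $13 }'
}

# Share of total CPU capacity used by one process between the snapshots.
proc_share_pct() {   # args: cpu_t0 cpu_t1 proc_t0 proc_t1
    dt=$(( $(cpu_total "$2") - $(cpu_total "$1") ))
    dp=$(( $(proc_ticks "$4") - $(proc_ticks "$3") ))
    [ "$dt" -gt 0 ] || { echo "0.0"; return 0; }
    awk -v p="$dp" -v t="$dt" 'BEGIN { printf "%.1f\n", 100 * p / t }'
}

# Constructed sample snapshots (not measurements from a real agent).
CPU_T0='cpu  10000 0 4000 80000 1000 0 0 0 0 0'
CPU_T1='cpu  10600 0 4200 80150 1050 0 0 0 0 0'
PROC_T0='4242 (b9daemon) S 1 4242 4242 0 -1 4194560 500 0 0 0 3000 1000 0 0 20 0 12 0 100 0 0'
PROC_T1='4242 (b9daemon) S 1 4242 4242 0 -1 4194560 900 0 0 0 3450 1050 0 0 20 0 12 0 100 0 0'

echo "system busy:    $(cpu_busy_pct "$CPU_T0" "$CPU_T1")%"
echo "b9daemon share: $(proc_share_pct "$CPU_T0" "$CPU_T1" "$PROC_T0" "$PROC_T1")%"
```

When comparing an 8.7.x host with an 8.8.x host, the system busy figure is the one to compare; the b9daemon share alone is expected to be higher on 8.8.x for the reason described above.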
Memory
Under heavy load, the Linux 8.8.4 agent's memory utilization can climb to a maximum of about 2GB, where it levels off and does not increase further.
In contrast, the 8.7.x agent's memory could grow without limit until it caused system instability.
Kernel Exclusions
Kernel exclusions are not as effective in 8.8.4 as they were in version 8.7.x because a new agent config moved them into user mode.
To restore the effectiveness of kernel exclusions in 8.8.4, please follow the steps in the following KB.
Kernel exclusions will be moved back to the kernel by default in the upcoming 8.8.6 agent version.