We had an ePO that would lock up two to three times per week. Editing IPS exceptions was also a chore.
Finally, our admin built a new ePO from scratch and all was going well. Today we began reapplying all our different IPS rulesets. In some branches, there were up to 4 IPS rules instances after this. Shortly after, our new ePO locked up so hard we had to roll back to a snapshot from 2 days ago.
Is it possible having too many IPS ruleset instances can cause an ePO to lock up?
Well, that's probably not the root cause.
I would start by looking for rules that flood the ePO with events. From the scenario described, it could be just about anything.
We found the lockups were unrelated. Our lockups were an Automatic Response to DLP events, notifying us by e-mail when an attempt occurred. Turned out, the filters in place for that event were doing some of the same filtering over and over again, locking up the server.
We're sticking with 3 rulesets or less for IPS rule assignment instances anyway. IPS exception and rule edits aren't taking very long.