3 Replies Latest reply on Sep 21, 2011 10:41 PM by Lakshmanan Sathyamoorthy

    ePO 4.0 server CPU usage is 100 %

      Hi,

       

      our ePO 4.0 server CPU usage is 100 %

      for your kind reference i have attached the services screen shot.

      Thanks & Regards

      Lakshmanan S

        • 1. Re: ePO 4.0 server CPU usage is 100 %
          londonsec

          I'm willing to bet you are running VirusScan Enterprise on your ePO server...yes?  While it is good practice to protect your ePO server with VSE, you must make sure it is configured properly.

          For VSE running on an ePO server, you need to configure your exclusions accordingly:

          1. Default On-Access should be configured to use different scanning policies for high-risk, low-risk, and default processes
            • The exclusions in the default settings will not exclude any processes!  They will only work with file and folder exclusions.
          2. In the Low-Risk Process configurations, you will exclude:
            • FrameworkService.exe - this will improve overall performance with the agent
            • apache.exe - this will improve ePO console performance
            • eventparser.exe - this will significantly improve event insertion performance
            • tomcat5.exe - this will improve ASCI performance
          3. The Low-Risk "Scan Items" configurations should be configured to provide as little as possible settings.  Might I recommend only checking "When writing to disk" as the only setting.  As for what to scan, you can also set that to "Default + additional file types" to help reduce any potential impact.
            • If you're still experiencing performance issues with the above settings, I would recommend unchecking everything only if your network has some sort of IPS in place.
          4. Since you most likely have some exclusions listed in the Default policy exclusions tab, you will want to go through those and make sure the following is setup properly:
            • You do not have any .exe (programs or processes) listed.  If you do, VSE will only exclude the file from any scanning...not the process.
            • Any folder(s) you want to exclude must have an ending backslash (i.e. c:\folder\).  Regardless of the setting to exclude subfolders!  Without the ending backslash your folder is being treated as a file.
          5. Now, by selecting the option to use low-risk and high-risk settings you have also created a potential headache with all the high-risk processes now being checked with default levels of scanning.  You will want to go through the list of processes in the High-Risk Processes settings and remove or add according to your organizational needs.  I know people who have removed everything from the high-risk processes because they are all covered by the default.

           

          The main thing to remember here is that you are now configuring three policies for how your machines are handling files, folders, and processes.

          For more information on exclusions, I recommend you start with KB66909 as it is the Master Exclusion KB Article that will lead you to many other resources for different platforms, applications, and configurations.

          https://kc.mcafee.com/corporate/index?page=content&id=KB66909

           

          There are many more settings I could go into but for the sake of time...I'll let you figure them out from the KB articles.

           

          Hope this helps,

          Dennis

          • 2. Re: ePO 4.0 server CPU usage is 100 %
            londonsec

            Just wanted to follow up and make sure your issues have been addressed.

            Thanks for voting my answer as correct. 

            • 3. Re: ePO 4.0 server CPU usage is 100 %

                    Hi-

               

              thanks for the reply epo server is back to normal

               

              Thanks & Regards

              Lakshmanan