Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

High CPU/Memory on DB and TS after 14.2 upgrade

  • 1.  High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 08, 2020 11:23 AM
    Greetings,

    We recently upgraded our SEPM to 14.2.5569.2100 and all seemed fine until we deployed the new SEP client to our database and Terminal Services servers. For those servers, the CPU utilization (and in some cases the memory) spiked to 100%, especially on the TS servers. We had been using the full version of the package, which Symantec had instructed us to change to the base server package, but even after re-deploying the slimmer package, the DB team is still saying that the resource allocation is still too high. 
    Has anyone else experienced this issue with the 12.2.5569.2100 client, full or slim? 

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------


  • 2.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Broadcom Employee
    Posted May 08, 2020 11:33 AM

    Yes. For Terminal Servers our best practice doc states you need to set the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui to 0 and then restart the SMC service.   This will resolve the issue.

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 3.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 12, 2020 11:08 AM
    We are seeing the same issue since upgrade to 14.2.5569.2100, all RDS servers that are running Windows Server 2016/2019 are showing 95-100% CPU load.
    Each user has a ccSvcHst.exe process,when we execute smc -stop by using the Windows 'Run' command all user processes will be killed and CPU drops immediately.
    When we do smc -start all ccSvcHst.exe processes are being activated again an CPU goes up instantly.

    I tried changing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui to 0  but I get:

    Error Editing Value
    Cannot edit LaunchSMCGui: Error writing the value's new contents.


    Original Message


  • 4.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 12, 2020 11:10 AM
    You must (at least temporarily) disable Tamper Protection.
    Original Message


  • 5.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 13, 2020 02:49 AM
    Hi Stephan,

    I forgot to mention that we are only using Symantec.cloud Endpoint Protection agent on servers, we don't have a SEP Manager.
    With Symantec.cloud agent you have management portal to add/delete agents, configure policies, etc, but I don;t see an option to disable Tamper Protection.
    Original Message


  • 6.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Broadcom Employee
    Posted May 13, 2020 10:17 AM
    Are you using SEPC or SES on the Servers?  If it is SEPC this is the wrong location to ask questions.  Can you send us a screenshot of your GUI so we can know for sure what client is running on your Servers?

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 7.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 13, 2020 10:34 AM
    It's called Symantec Endpoint Protection Small Business Edition in the GUI, also known as Symantec Endpoint Protection Cloud (SEP Cloud)
    With the previous version, 12.1, we didn't see this issue, it was immediately after the upgrade to 14.2.5569.2100.



    Original Message


  • 8.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Broadcom Employee
    Posted May 13, 2020 10:58 AM
    Yeah. Tamper Protection needs to be disabled before you can edit the registry key. I am not sure how to do that on the SBE product as I don't support it or work with it.  You should probably open a case with that team to find out how to get Tamper Protection Disabled.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 9.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 13, 2020 11:52 AM
    Hi Stephan,
    Do you mean you should temporarily disable tamper protection so that you can make the registry change? 

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------

    Original Message


  • 10.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted May 13, 2020 11:50 AM
    Edited by bbrehart May 13, 2020 11:52 AM
    Thanks, John. Is this recommended for all high I/O servers (such as database servers)?

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------

    Original Message


  • 11.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Broadcom Employee
    Posted May 13, 2020 11:55 AM
    Nope. Only Terminal Servers or Citrix Servers or servers set up to act as once of those.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 12.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted Jun 17, 2020 08:13 AM
    Edited by Robert-Jan Wolf Jun 17, 2020 08:14 AM

    Better late than never, to be able to disable Tamper Protection in Symantec.cloud Endpoint Protection you need to activate the 'older' yellow shield as an icon in the taskbar, you can use two XML files to show and hide that icon and then you can open the GUI and disable Tamper Protection and change the registry setting.

    After a reboot of the RDS servers we immediately see that ccSvcHst.exe processes are not running for all users anymore, but only for SYSTEM and we don't see high CPU load anymore.

    Steps are outlined below:

    1. https://knowledge.broadcom.com/external/article?legacyId=TECH237235 
    2. https://knowledge.broadcom.com/external/article?legacyId=TECH237192
    3. https://knowledge.broadcom.com/external/article?legacyId=tech192023
    4. https://knowledge.broadcom.com/external/article?legacyId=TECH91070

    Maybe this can help other users that are looking for a solution.


    Original Message


  • 13.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted Jun 18, 2020 07:56 AM
    Edited by Thomas Duhoux Jun 18, 2020 07:56 AM
    We haven't met the issue until we upgraded to this version. The registry workaround existed for SEP 12.X. Did 14.2.5569.2100 introduce some regression?

    Thanks
    Original Message