Endpoint Protection

Expand all | Collapse all

High CPU/Memory on DB and TS after 14.2 upgrade

  • 1.  High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 28 days ago
    Greetings,

    We recently upgraded our SEPM to 14.2.5569.2100 and all seemed fine until we deployed the new SEP client to our database and Terminal Services servers. For those servers, the CPU utilization (and in some cases the memory) spiked to 100%, especially on the TS servers. We had been using the full version of the package, which Symantec had instructed us to change to the base server package, but even after re-deploying the slimmer package, the DB team is still saying that the resource allocation is still too high.
    Has anyone else experienced this issue with the 12.2.5569.2100 client, full or slim?

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------


  • 2.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 28 days ago

    Yes. For Terminal Servers our best practice doc states you need to set the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui to 0 and then restart the SMC service.   This will resolve the issue.

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 3.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 24 days ago
    We are seeing the same issue since upgrade to 14.2.5569.2100, all RDS servers that are running Windows Server 2016/2019 are showing 95-100% CPU load.
    Each user has a ccSvcHst.exe process,when we execute smc -stop by using the Windows 'Run' command all user processes will be killed and CPU drops immediately.
    When we do smc -start all ccSvcHst.exe processes are being activated again an CPU goes up instantly.

    I tried changing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui to 0  but I get:

    Error Editing Value
    Cannot edit LaunchSMCGui: Error writing the value's new contents.




  • 4.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 24 days ago
    You must (at least temporarily) disable Tamper Protection.


  • 5.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Hi Stephan,

    I forgot to mention that we are only using Symantec.cloud Endpoint Protection agent on servers, we don't have a SEP Manager.
    With Symantec.cloud agent you have management portal to add/delete agents, configure policies, etc, but I don;t see an option to disable Tamper Protection.


  • 6.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Are you using SEPC or SES on the Servers?  If it is SEPC this is the wrong location to ask questions.  Can you send us a screenshot of your GUI so we can know for sure what client is running on your Servers?

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 7.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    It's called Symantec Endpoint Protection Small Business Edition in the GUI, also known as Symantec Endpoint Protection Cloud (SEP Cloud)
    With the previous version, 12.1, we didn't see this issue, it was immediately after the upgrade to 14.2.5569.2100.





  • 8.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Yeah. Tamper Protection needs to be disabled before you can edit the registry key. I am not sure how to do that on the SBE product as I don't support it or work with it.  You should probably open a case with that team to find out how to get Tamper Protection Disabled.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 9.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Hi Stephan,
    Do you mean you should temporarily disable tamper protection so that you can make the registry change?

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------



  • 10.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Edited by Brian Brehart 23 days ago
    Thanks, John. Is this recommended for all high I/O servers (such as database servers)?

    Cheers

    ------------------------------
    Information Security Engineer
    Insurance Auto Auctions
    ------------------------------



  • 11.  RE: High CPU/Memory on DB and TS after 14.2 upgrade

    Posted 23 days ago
    Nope. Only Terminal Servers or Citrix Servers or servers set up to act as once of those.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------