Cisco AMP for Endpoints on Windows 2016 grabs more and more memory until it crashes
On our Windows 2016 Servers, Cisco AMP for Endpoints gradually takes more and more memory until the server crashes with memory exhaustion errors. I looked at the memory usage on one of the servers just before it crashed and sfc.exe (Cisco AMP for Endpoints Connector) was using 18,661,428 Commit (KB), 227,656 Working Set (KB), 33,060 Shareable (KB) and 194,596 Private (KB). So, Cisco AMP for Endpoints Connector has grabbed over 18GB of Memory.
I've upgraded to the latest version of Cisco AMP for Endpoints and it doesn't make a difference.
First question I have is: what does your policy look like? I have version 7.1.5 on 41 2016 servers and I have not seen that issue. With that said, I only have it on my servers to capture trajectory info for investigation purposes. When I installed it I used the /skiptetra 1 so the AV part of ClamAV would not get installed.
A suggestion I have is to put it in debug mode and then look at the logs to see what files it is hitting. You may need some exclusions.