Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
1
Replies

Citrix Env - Cisco AMP Massive Writes 8.2.1.21612

awhelan124
Level 1
Level 1

‎11-09-2023 07:52 AM

Hi All

We're seeing issues with our write cache filling on our Citrix environment trawling through procmon we see clamav for cisco amp creating a massive amount of writes, generating a debug log and looking at around the time of the writes we see the below

(31691734, +2989 ms) Nov 09 15:03:41 [9736]: ERROR: Event::SlowProcessor unable to calculate hash using handle(\\?\C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\EA1041CD.xlsx)

 

31695890, +0 ms) Nov 09 15:03:45 [25776]: ERROR: ETWEnableConfiguration::IsETWEnabled: ETW not initialized due to incompatibile OS

 

(31695890, +4148 ms) Nov 09 15:03:45 [25776]: ERROR: Util::VerifyOsVersion: OS does not match 18 and check failed, returning 1150 : 1150 : The specified program requires a newer version of Windows.

 

The "Unable to calculate hash" error seems to be 99% of the logs, anyone have any ideas what this is or have seen it before?

 

OS Version: Server 2016

AMP Version: 8.2.1.21612

 

Thankyou in advance

0 Helpful
1 Reply 1

Roman Valenta
Cisco Employee
Cisco Employee

‎11-09-2023 11:34 AM

ERROR: Event::SlowProcessor unable to calculate hash using handle is just generic message pretty much saying that due to SLOW CPU we couldn't performed task ABCD.

 

There is many things that can have performance impact and AMP is not always the one.


Whats is the actual issue in this case? Is the server exhausted in other words performance is degraded? How about simple test just to try stop the sfc.exe connector and verify if performance returned to normal or not. If not you can rule out SE being the issue.

 

 

0 Helpful
Customers Also Viewed These Support Documents