cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14395
Views
28
Helpful
31
Replies

CSE 8.0.1 and 8.1.3 causing significant slowdown after 4-5 days uptime

ac513
Level 1
Level 1

A few months back, we deployed Cisco Secure Endpoint 8.0.1 to our pilot Windows group and then our production Windows group. In testing there were seemingly no issues; However, eventually we began to notice that after these upgrades, Windows 10 (mostly 21H2) and Windows 11 devices (mostly 21H2, some 22H2) would begin to show significant symptoms of slowness including (but not limited to):

* Window dragging/resizing becomes slow. As in, if all other system animations and video playback are displaying at 60fps as per usual, then window dragging/resizing looks like it's going at about 10-20fps. Just choppy and super unresponsive.

* Print jobs could sometimes take several minutes to process, sometimes fail due to vague memory problems in error messages.

* Opening emails in Outlook could take an entire second or two, rather than instant or mere milliseconds.

* Other LoB software at random taking a very long time to respond/work.

When these slowdowns are happening, there are no obvious resource constraints. For example on my own machine -- 20-30% of my i7-9700k CPU in use (not abnormal because I run tons of programs and VMs), 50% of 32GB RAM free, and marginal disk activity on a Samsung EVO 970 SSD. This is normal for my system, and I never see CPU/RAM/disk anywhere close to being maxed out when these slowdowns occur.

A simple reboot will eliminate the issues for some time, but once the machine has 4-5 or more days of uptime again, all slowdowns return.

All of these symptoms immediately cease and stay resolved if I uninstall Cisco Secure Endpoint.

As a test, I got a version 8.1.3 connector installer. I removed Secure Endpoint on an affected machine (mine, Win11 22H2), and then installed 8.1.3. After 4-5 days, the same slowdown symptoms begin again.

I saw that 8.1.3's release notes mentioned a few fixes related to performance/memory leaks, but none of them seemingly had any effect on these symptoms in my test case.  https://docs.amp.cisco.com/Release%20Notes.pdf

So far as policy options, here is what we configure. No functional changes since July 2021 when we enabled Behavioral Protection, everything we have has been in place for over a year with no issues on version 7 clients.

ac513_0-1670021931186.png

 

Is anyone else seeing this behavior with the version 8 clients for Secure Endpoint?

 

31 Replies 31

Roman Valenta
Cisco Employee
Cisco Employee

And to wrap this up...

We are planning to release Cisco Secure Endpoint Windows Connector 7.5.11.21421 and 8.1.7.21417 today (April 17th) to production environments at following times.

 

APJC – 13:00 MDT (19:00 UTC)

EU     – 14:00 MDT (20:00 UTC)

NAM – 15:00 MDT (21:00 UTC)

 

  • Fixed an issue where the Secure Client UI would cause Slowdown after a couple days. (CSCwe72861)

Thanks rvalenta, greatly appreciate the updates throughout this ordeal!