High CPU is one issue and this log might be another issue. Besides opening TAC case there is few things that you can check on your own. Based on your log output assuming this is Linux server.


#1: I will make sure that you are on supported version, not only form AMP perspective, but also based on your OS/Kernel version

https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215163-amp-for-endpoints-linux-connector-os-com.html

#2: Verify the installation process, pay good attention to the GPG section as that is very important for proper connector functionality

https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215378-installation-of-the-amp-for-endpoints-li.html?referring_site=RE?pos=1&page=https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215163-amp-for-
endpoints-linux-conne...

#3: Gather diagnostic logs , this will be need it if you open TAC case to help you resolve this issue.

https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/200877-Collection-of-Diagnostic-Data-from-a-Fir.html

however if you know where to look you can verify outputs in the diagnostic bundle from

• File Operations: fileops.txt
• File Executions: execs.txt

The two files are helpful to determine top talkers and craft exclusion if need it.

Here is article on how to analyze MacOS Diagnostic Bundle which is very similar to Linux one.

https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215570-analize-macos-amp-diagnostic-bundle-for.html

#4: As a last resort I would also try completely remove AMP download fresh new copy from AMP portal and install the client again