Performance issues with policy updates

kodyrubida
Level 1

kodyrubida_0-1718890424673.png

We have a user who has been running into performance issues stemming from Secure Endpoint. When looking at the logs, I see their machine's policy is being updated multiple times a day. What does this entail? And how can I fix this?

Matthew Franks
Cisco Employee

Policy updates occur when someone makes a change to the policy in the console. On the next heartbeat interval, the endpoint will check in, see that there is a new policy, and pull down the update. That shouldn't cause a performance issue by itself. If someone is enabling/disabling different engines or changing your block/allow/exclusion lists, that could have an impact on performance. I'd suggest looking to see who is making policy changes and why for more details.

Is it possible it might be pulling updates even though nothing has changed? Our security admin is out of town and I am the only one that manages Secure Endpoint. Nobody should be making changes besides me.

Are you using the Cisco Maintained lists by any chance? Many of them were updated over the last 2 days so that could have caused a lot of policy updates if you're using several lists in the policy. Seems to line up with this. Shouldn't have caused any performance issues though. If you are experiencing any issues with performance, please open a TAC case so they can help troubleshoot. Here is the announcement we posted regarding this.

MatthewFranks_0-1718895713573.png

Thanks,

-Matt

We are in fact using the maintained lists. Thanks for all your help; this seems to be what's causing this.