06-20-2024 06:35 AM
We have a user that has been running into performance issues stemming from Secure Endpoint. When looking at the logs, I see their machine's policy is being updated multiple times a day. What does that entail? And how can I fix this?
06-20-2024 07:17 AM
Policy updates occur when someone makes a change to the policy in the console. On the next heartbeat interval, the endpoint will check in, see that there is a new policy, and pull down the update. That shouldn't cause a performance issue by itself. If someone is enabling/disabling different engines or changing your block/allow/exclusion lists, that could have an impact on performance. I'd suggest looking to see who is making policy changes and why for more details.
06-20-2024 07:26 AM
Is it possible it might be pulling updates even though nothing has changed? Our security admin is out of town and I am the only one that manages Secure Endpoint. Nobody should be making changes besides me.
06-20-2024 08:02 AM
Are you using the Cisco Maintained lists by any chance? Many of them were updated over the last 2 days so that could have caused a lot of policy updates if you're using several lists in the policy. Seems to line up with this. Shouldn't have caused any performance issues though. If you are experiencing any issues with performance, please open a TAC case so they can help troubleshoot. Here is the announcement we posted regarding this.
Thanks,
-Matt
06-20-2024 09:00 AM
We are in fact using the maintained lists. Thanks for all your help; this seems to be what's causing this.