Re: Cisco AMP Issues

Quintin.Mayo · ‎11-03-2017

The Cisco AMP client is causing some of my server to go unresponsive. The behavior is indicated by exceptionally long login times, excessive handle count of the sfc.exe process and it eventually failing communication with the AMP dashboard. I'm currently new to AMP and any assistance in this matter will greatly be appreciated.

Marvin Rhoads · ‎11-03-2017

There are profiles for both Domain controllers as well as a generic server profile that should be used for the AMP for Endpoints connector.

Did you install the server-specific endpoint connector profile?

Quintin.Mayo · ‎11-08-2017

Hi,

When investigating further we are showing the AMP connector accumulating large amounts of handles. The number of handles increases over time. I have attached a screenshot for review, cany you tell me what will cause excessive handles from the sfc.exe application? Thanks.

Andre Camillo · ‎09-02-2018

Was this question ever solved? Cheers

Vinay3goyal3 · ‎07-20-2022

I have a similar issue where my servers have millions of open handles. Also it looks like it is a handle leak coz I restarted my server and observed it over a period of time and I observed that sfc.exe opens 100+ handles every minute. which makes ~144000 handles in a day and 1,440,000 handles in 10 days at which the server essentially becomes unusable.