This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Frank_Aguilieri
Explorer
‎2022-01-12 05:29 AM

High CPU Consuming on Endpoint Security on Windows Server

Hello,

 

 

We have some Windows Server 2016 scenarios with high CPU usage by EndPoint Forensic Recorder service. Apparently this only happens on servers that have more simultaneous connections or more network traffic.

EPS.png

Endpoint version 86.10

Can someone help me?

 

Thanks

 
 
 
 
 

 

0 Kudos
14 Replies
G_W_Albrecht
Legend
Legend
‎2022-01-13 03:19 AM

Better contact CP TAC to discover the reason for this behaviour !

CCSE CCTE SMB Specialist
0 Kudos
Frank_Aguilieri
Explorer
‎2022-01-18 09:04 AM
In response to G_W_Albrecht

Thanks  G_W_Albrecht

0 Kudos
the_rock
Champion
Champion
‎2022-01-18 09:30 AM

I use E86.20 and had not seen this issue. Are you using just vpn endpoint or sandblast suite (harmony endpoint)?

Andy

0 Kudos
G_W_Albrecht
Legend
Legend
a week ago
In response to the_rock

This is EFRService.exe - Forensics Recorder, part of SandBlast...

CCSE CCTE SMB Specialist
0 Kudos
Chris_Atkinson
Employee
Employee
a week ago
In response to G_W_Albrecht

In such cases we have sk178706 in particular for Exchange Servers...

0 Kudos
G_W_Albrecht
Legend
Legend
a week ago
In response to Chris_Atkinson

Please provide a link - sk178706 is not found...

CCSE CCTE SMB Specialist
0 Kudos
Chris_Atkinson
Employee
Employee
a week ago
In response to G_W_Albrecht

sk178706: Endpoint Security Client policy optimization for Microsoft Exchange Server 

0 Kudos
G_W_Albrecht
Legend
Legend
a week ago
In response to Chris_Atkinson

Thanx - looks good...

CCSE CCTE SMB Specialist
0 Kudos
djhornby
Explorer
‎2022-02-10 11:13 PM

Any update on this as I am seeing the same on some 2019 Servers.

0 Kudos
lucas-ferreira
Participant
‎2022-02-12 06:18 AM

Hey guys!

We were facing the same problem. In contact with Check Point's TAC, a developer generated a new EPS.msi where he disabled the Interface, and changed some parameters. Unfortunately he did not provide us with the commands executed to generate this (.msi).

The problem happened on Windows Servers 2012 and 2019, today I have the endpoints installed thanks to this file that the developer generated.

Because it is a Terminal Server (TS). The endpoint analyzed each connection that communicated with TS and ended up increasing the CPU a lot and even crashing to the point where we restarted the server.

0 Kudos
rmsource_Check_
Participant
3 weeks ago

If anyone finds a solution please post as we are seeing same symptoms with a customer with same scenario. Happens everyday multiple times a day for last couple weeks. We have a TAC case open.

Chris_Atkinson
Employee
Employee
3 weeks ago
In response to rmsource_Check_

Are you running E86.25 or newer?

0 Kudos
Frank_Aguilieri
Explorer
3 weeks ago
In response to Chris_Atkinson

Hello Chris,

 

I am running 86.10 and 86.25

0 Kudos
Ruan_Kotze
Advisor
a week ago
In response to Frank_Aguilieri

Might be worthwhile testing version E86.40.  There is a fix for high CPU usage on Windows Servers.

 

 

 

0 Kudos