- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hello,
We have some Windows Server 2016 scenarios with high CPU usage by EndPoint Forensic Recorder service. Apparently this only happens on servers that have more simultaneous connections or more network traffic.
Endpoint version 86.10
Can someone help me?
Thanks
Better contact CP TAC to discover the reason for this behaviour !
Thanks G_W_Albrecht
I use E86.20 and had not seen this issue. Are you using just vpn endpoint or sandblast suite (harmony endpoint)?
Andy
This is EFRService.exe - Forensics Recorder, part of SandBlast...
In such cases we have sk178706 in particular for Exchange Servers...
Please provide a link - sk178706 is not found...
Thanx - looks good...
Any update on this as I am seeing the same on some 2019 Servers.
Hey guys!
We were facing the same problem. In contact with Check Point's TAC, a developer generated a new EPS.msi where he disabled the Interface, and changed some parameters. Unfortunately he did not provide us with the commands executed to generate this (.msi).
The problem happened on Windows Servers 2012 and 2019, today I have the endpoints installed thanks to this file that the developer generated.
Because it is a Terminal Server (TS). The endpoint analyzed each connection that communicated with TS and ended up increasing the CPU a lot and even crashing to the point where we restarted the server.
If anyone finds a solution please post as we are seeing same symptoms with a customer with same scenario. Happens everyday multiple times a day for last couple weeks. We have a TAC case open.
Are you running E86.25 or newer?
Hello Chris,
I am running 86.10 and 86.25
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY