Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Frank_Aguilieri
Explorer

High CPU Consuming on Endpoint Security on Windows Server

Hello,

 

 

We have some Windows Server 2016 scenarios with high CPU usage by EndPoint Forensic Recorder service. Apparently this only happens on servers that have more simultaneous connections or more network traffic.

EPS.png

Endpoint version 86.10

Can someone help me?

 

Thanks

 
 
 
 
 

 

0 Kudos
15 Replies
G_W_Albrecht
Legend
Legend

Better contact CP TAC to discover the reason for this behaviour !

CCSE CCTE SMB Specialist
0 Kudos
Frank_Aguilieri
Explorer

Thanks  G_W_Albrecht

0 Kudos
the_rock
Champion
Champion

I use E86.20 and had not seen this issue. Are you using just vpn endpoint or sandblast suite (harmony endpoint)?

Andy

0 Kudos
G_W_Albrecht
Legend
Legend

This is EFRService.exe - Forensics Recorder, part of SandBlast...

CCSE CCTE SMB Specialist
0 Kudos
Chris_Atkinson
Employee
Employee

In such cases we have sk178706 in particular for Exchange Servers...

0 Kudos
G_W_Albrecht
Legend
Legend

Please provide a link - sk178706 is not found...

CCSE CCTE SMB Specialist
0 Kudos
Chris_Atkinson
Employee
Employee

0 Kudos
G_W_Albrecht
Legend
Legend

Thanx - looks good...

CCSE CCTE SMB Specialist
0 Kudos
djhornby
Explorer

Any update on this as I am seeing the same on some 2019 Servers.

0 Kudos
lucas-ferreira
Participant

Hey guys!

We were facing the same problem. In contact with Check Point's TAC, a developer generated a new EPS.msi where he disabled the Interface, and changed some parameters. Unfortunately he did not provide us with the commands executed to generate this (.msi).

The problem happened on Windows Servers 2012 and 2019, today I have the endpoints installed thanks to this file that the developer generated.

Because it is a Terminal Server (TS). The endpoint analyzed each connection that communicated with TS and ended up increasing the CPU a lot and even crashing to the point where we restarted the server.

0 Kudos
rmsource_dotcom
Participant

If anyone finds a solution please post as we are seeing same symptoms with a customer with same scenario. Happens everyday multiple times a day for last couple weeks. We have a TAC case open.

Chris_Atkinson
Employee
Employee

Are you running E86.25 or newer?

0 Kudos
Frank_Aguilieri
Explorer

Hello Chris,

 

I am running 86.10 and 86.25

0 Kudos
Ruan_Kotze
Advisor

Might be worthwhile testing version E86.40.  There is a fix for high CPU usage on Windows Servers.

 

 

 

0 Kudos
rmsource_dotcom
Participant

We had the exact same symptoms with one of our clients. The underlying issue was due to a network ACL blocking traffic. We initially found logs that indicated an issue with Forensics data not being uploaded. This pointed us towards checking connections from the CPHE clients with the Connectivity Tool ("C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\CheckConnectivity.exe"). After seeing multiple fails we had our Network team whitelist the proper domains based off SK116590.

After adding the domains we no longer see CPU performance issues from the "Endpoint Forensic Recorder service". Hope this helps at least one person.