This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Robinson
Contributor
Contributor
‎2017-05-19 02:26 PM

R80.10 threat extraction high cpu usage

hi,

ive been testing R80.10 with all blades enabled and 2 or 3 days ago I noticed high cpu usage on a 'cat' process in top, to the point where I'm now unable to push policy.

i used pstree to identify the parent process being scrubd, which after a little research found it related to threat extraction.

I dad manage to successfully push policy if I killed the 'cat' processed with 'kill -9'.

Removing the threat extraction blade restores cpu usage to  normality.

i took a migrate export and tried importing the backup to a vm to see if the issue arose, unfortunately it did.

does anyone have any ideas on how I can fix this without rebuilding from scratch?

thanks

Dave

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2017-05-20 01:48 PM

Have you opened an SR with TAC on this issue?

0 Kudos
David_Robinson
Contributor
Contributor
‎2017-05-20 01:52 PM
In response to PhoneBoy

No not yet, I thought I may find an answer here before raising with tac

0 Kudos
Bogdan_Tatomir2
Explorer
‎2017-07-16 12:38 PM
In response to David_Robinson

Hello,

I am experiencing the exact same issue. SmartConsole reports Threat Extraction blade is unresponsive, there is a "/bin/cat /dev/urandom" process eating up 100% of one CPU core.

Doing a kill -9 on the process spawns a second similar one. Killing the second one stops the spawning, but renders Threat Extraction useless.

Did you happen to find any solution to this yet?

Thank you

0 Kudos
Bogdan_Tatomir2
Explorer
‎2017-07-16 01:32 PM

Sorry for rushing in with the question. I found the culprit - Threat Extraction Web API.

Also there is a solution available at sk118353 .

For me it fixed the issue. Hope this helps!

PhoneBoy
Admin
Admin
‎2017-07-16 01:46 PM
In response to Bogdan_Tatomir2

That's great to hear!

https://community.checkpoint.com/people/dave.45cc086d-5044-468e-82c2-8ee173df935e‌ does this fix the issue for you?

0 Kudos
David_Robinson
Contributor
Contributor
‎2017-07-16 02:26 PM
In response to PhoneBoy

Hi,

Since my setup was in a lab environment I decided to rebuild it clean and configure it as a distributed config rather than a stand-alone.

i have not had the issue so far.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events