SNTP service consuming memory

The SNTP service is consuming memory on the system. Other applications frequently hang because of this, and we have to restart the system afterwards.

Can someone please guide me regarding this?

The NTP log files are showing the alerts below:

a 2021-04-14T03:14:12.729Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\cobas 8000 - 2\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.729Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\unicel dxi 800 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.731Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\cobas 8000 - 2\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.731Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\access2 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.732Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\unicel dxi 800 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.735Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\access2 - 1\lis_interface.exe' accessed: google.com

  • Hello James P,

    looks like there are at least three immunology analysers connected to this system.
    For whatever reason the associated lis_interface.exe processes access google.com (is perhaps the data written to Google Drive?) at high frequency (millisecond intervals). Seems that this is causing the memory consumption (dunno though if this is expected or a bug in SNTP).

    Are you indeed using the on-premise SEC-managed ESC or Central/Intercept X? I'm not familiar with Central and its SNTP/IPS component in particular. AFAIK for ESC you'd have to add a file exclusion for lis_interface.exe in the Anti-Virus and HIPS policy (note: the setting must be made in the Console - a local exclusion won't work): On-access scanning → Configure... → tab Windows Exclusions. Please be aware that this excludes these files not only from SNTP inspection but also from on-access scanning.
    Can't say whether this also applies to Central as it has an additional IPS policy.

    Christian.        
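
Added example, not part of the original thread: a Python script that tallies the quoted log lines per process and destination and reports the shortest gap between accesses, so the "three analysers, millisecond intervals" reading can be checked against a full log before deciding on an exclusion. The line format is assumed from the six lines in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the six log lines quoted in the original post.
SAMPLE_LOG = r"""
a 2021-04-14T03:14:12.729Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\cobas 8000 - 2\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.729Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\unicel dxi 800 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.731Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\cobas 8000 - 2\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.731Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\access2 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.732Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\unicel dxi 800 - 1\lis_interface.exe' accessed: google.com
a 2021-04-14T03:14:12.735Z [2364:2816] - Process: '\device\harddiskvolume4\newlisinterface\access2 - 1\lis_interface.exe' accessed: google.com
"""

# Assumed record layout: level, UTC timestamp, [pid:tid], process path, destination.
LINE_RE = re.compile(
    r"^\w\s+(?P<ts>\S+)\s+\[\d+:\d+\]\s+-\s+Process:\s+'(?P<proc>[^']+)'"
    r"\s+accessed:\s+(?P<host>\S+)\s*$"
)

def parse(log_text):
    """Yield (timestamp, process_path, host) for each 'accessed' record."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and other record types
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        except ValueError:
            continue  # timestamp not in the assumed format
        yield ts, m["proc"], m["host"]

def summarize(log_text):
    """Return {(process, host): {"count": n, "min_gap_ms": int or None}}."""
    seen = defaultdict(list)
    for ts, proc, host in parse(log_text):
        seen[(proc, host)].append(ts)
    out = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a) // timedelta(milliseconds=1)
                for a, b in zip(stamps, stamps[1:])]
        out[key] = {"count": len(stamps),
                    "min_gap_ms": min(gaps) if gaps else None}
    return out

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for (proc, host), s in rows:
        print(f"{s['count']:>6}  min gap {s['min_gap_ms']} ms  {host}  {proc}")
```
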
