This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CPU Usage with Lockdown Enabled

Does anyone else seem to experience an issue with the CPU usage on some virtual servers being rather high when lockdown is enabled? I am experiencing this on a few servers, some running 2012 R2, others running 2016 datacenter. I check the logs, and nothing is getting blocked by lockdown, so I am not understanding why the CPU would be getting tied up? In fact, om one server, I had to turn of lockdown since it would spike the CPU to near 100% constantly and not allow daily reports to generate. Any thoughts?



This thread was automatically locked due to age.
  • Hi  

    Would you please suggest whether you have done proper scanning exclusions on the server where you are getting performance issues because of lockdown.

    Also, please suggest if they are database servers or application servers. If application servers, whether all the needed application were installed before the lockdown of the server or installed any application after lockdown the server.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • It seems to be mostly application servers, and I made sure that legitimate process are excluded from the lockdown policy. However, I did not put them as scanning exclusions. Perhaps that is something I need to try. Most applications were installed before lockdown, but some were down afterward, where we unlocked the server, installed the application, and then locked it down again.

    One thing I have noted is that when Sophos does definition updates on a locked down server, it sometimes throws errors, and I will find a dll that got blocked by lockdown, even though the folder itself is under the lockdown policy exclusions.

  • Hi  

    I'd request you to do legitimate scanning exclusion on one of your server using different test policy for it and observe how it goes with that server.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • From my experience on certain servers it absolutely hammers the performance. Domain controllers become very very slow (So do user logins) after a few days and rebooting gets them back to normal again for a limited amount of time.

    It's not a RAM or CPU issue, it's something else.. Almost seems like a memory leak.

    Other servers that don't seem to like lock-down very much are file servers and servers hosting SQL databases.