This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CPU Usage with Lockdown Enabled

Does anyone else seem to experience an issue with the CPU usage on some virtual servers being rather high when lockdown is enabled? I am experiencing this on a few servers, some running 2012 R2, others running 2016 datacenter. I check the logs, and nothing is getting blocked by lockdown, so I am not understanding why the CPU would be getting tied up? In fact, om one server, I had to turn of lockdown since it would spike the CPU to near 100% constantly and not allow daily reports to generate. Any thoughts?



This thread was automatically locked due to age.
Parents
  • Hi  

    Would you please suggest whether you have done proper scanning exclusions on the server where you are getting performance issues because of lockdown.

    Also, please suggest if they are database servers or application servers. If application servers, whether all the needed application were installed before the lockdown of the server or installed any application after lockdown the server.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • It seems to be mostly application servers, and I made sure that legitimate process are excluded from the lockdown policy. However, I did not put them as scanning exclusions. Perhaps that is something I need to try. Most applications were installed before lockdown, but some were down afterward, where we unlocked the server, installed the application, and then locked it down again.

    One thing I have noted is that when Sophos does definition updates on a locked down server, it sometimes throws errors, and I will find a dll that got blocked by lockdown, even though the folder itself is under the lockdown policy exclusions.

Reply
  • It seems to be mostly application servers, and I made sure that legitimate process are excluded from the lockdown policy. However, I did not put them as scanning exclusions. Perhaps that is something I need to try. Most applications were installed before lockdown, but some were down afterward, where we unlocked the server, installed the application, and then locked it down again.

    One thing I have noted is that when Sophos does definition updates on a locked down server, it sometimes throws errors, and I will find a dll that got blocked by lockdown, even though the folder itself is under the lockdown policy exclusions.

Children