High memory usage in combination with F-Secure

ronald van den berg 241 Reputation points
2021-10-25T07:48:43.453+00:00

In some domains that we monitor, the anti-virus client is replaced by F-Secure. Since then, the memory usage on a gateway is increasing till memory is full and the gateway restarts.

There is a well-known document on which paths and processes of SCOM to exclude in your AV client, but that doesn't help. We now removed F-Secure and all is back to normal.

Anyone using F-Secure have any tips for us?


Accepted answer
  1. SChalakov 10,261 Reputation points MVP
    2021-10-25T09:54:16.927+00:00

    Hi Ronald,

    I have used it once, but I can tell you what you need to do from the support perspective.
    This issue is most probably caused by the F-Secure filter driver. AV filter drivers are known to cause such issues; that is the reason why Microsoft released this article:

    How to temporarily deactivate the kernel mode filter driver in Windows
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver

    When you are troubleshooting any one of these issues, frequently, you have to do more than just stop or disable the services that are associated with the software. Even if you disable the software component, the filter driver is still loaded when you restart the computer. You may be forced to remove a software component to find the cause of an issue.

    So my advice would be to contact F-Secure and ask about an update or a fix.

    I hope I could help you out with that!

    Best Regards,
    Stoyan

    1 person found this answer helpful.
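
Added example, not part of the original answer and not vendor code: a PowerShell function that parses `fltmc filters` output and lists minifilter drivers in the anti-virus altitude range that still have attached instances, which is how to confirm the point above that stopping services does not unload the filter driver. The sample output and the filter name `ExampleAvFlt` are constructed; the 320000-329999 range is the altitude range Microsoft assigns to the FSFilter Anti-Virus load order group.

```powershell
# Constructed sample of `fltmc filters` output; ExampleAvFlt is a made-up name.
$sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleAvFlt                            6       321000         0
WdFilter                                0       328010         0
luafv                                   1       135000         0
FileInfo                                6        40500         0
'@

function Get-LoadedMinifilter {
    # Parse `fltmc filters` text into objects. Header, separator, blank and
    # legacy-filter rows (no numeric altitude) do not match and are skipped.
    param([string[]]$FltmcOutput)
    $row = '^\s*(?<Name>\S+)\s+(?<Inst>\d+)\s+(?<Alt>\d+(\.\d+)?)\s+(?<Frame>\d+)\s*$'
    foreach ($line in $FltmcOutput) {
        if ($line -match $row) {
            $alt = [double]$Matches.Alt
            [pscustomobject]@{
                Name      = $Matches.Name
                Instances = [int]$Matches.Inst
                Altitude  = $alt
                # FSFilter Anti-Virus load order group: 320000-329999
                IsAvRange = ($alt -ge 320000 -and $alt -lt 330000)
            }
        }
    }
}

# On the gateway, from an elevated prompt, use instead: $lines = fltmc filters
$lines = $sample -split '\r?\n'

# AV-range filters with attached instances are loaded in the file I/O path
# regardless of the state of the product's user-mode services.
Get-LoadedMinifilter -FltmcOutput $lines |
    Where-Object { $_.IsAvRange -and $_.Instances -gt 0 } |
    Sort-Object Altitude -Descending |
    Format-Table Name, Instances, Altitude -AutoSize
```

Running this before and after stopping the AV services shows whether the driver is still attached; with the constructed sample only `ExampleAvFlt` is listed.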

3 additional answers

  1. ronald van den berg 241 Reputation points
    2021-11-01T14:14:13.95+00:00

    All I know is that it's definitively related to F-Secure, and SCOM was its victim.

    But meanwhile I've heard that the F-Secure admin did do some more exclusion configuration than I was previously aware of, so it seems the solution is still in the part of excluding the SCOM processes and the health state folder, but apparently it needs to be done at more than 1 level.

    1 person found this answer helpful.

  2. ronald van den berg 241 Reputation points
    2021-10-27T09:32:18.177+00:00

    Hi Stoyan,

    Thanks for your reply. Unfortunately, I cannot say it helps, since this issue is suddenly resolved without anyone admitting to changing anything, so I'm waiting till it happens again.


  3. SChalakov 10,261 Reputation points MVP
    2021-10-28T08:16:00.65+00:00

    Hey Ronald,

    Do you suspect it can indeed be related to SCOM?

    Regards,
    Stoyan
