0 Votes
ronaldvandenberg-5545 asked ronaldvandenberg-5545 answered

High memory usage in combination with F-Secure

In some domains that we monitor, the anti-virus client is replaced by F-Secure. Since then, the memory usage on a gateway is increasing until memory is full and the gateway restarts.

There is a well-known document on which paths and processes of SCOM to exclude in your AV client, but that doesn't help. We have now removed F-Secure and all is back to normal.

Anyone using F-Secure have any tips for us?

msc-operations-manager

1 Vote
StoyanChalakov answered

Hi Ronald,

I have used it once, but I can tell you what you need to do from the support perspective.
This issue is most probably caused by the F-Secure filter driver. AV filter drivers are known to cause such issues; that is the reason why Microsoft released this article:

How to temporarily deactivate the kernel mode filter driver in Windows
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver

When you are troubleshooting any one of these issues, frequently, you have to do more than just stop or disable the services that are associated with the software. Even if you disable the software component, the filter driver is still loaded when you restart the computer. You may be forced to remove a software component to find the cause of an issue.

So my advice would be to contact F-Secure and ask about an update or a fix.

I hope I could help you out with that!

Best Regards,
Stoyan


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


0 Votes
ronaldvandenberg-5545 answered

Hi Stoyan,

Thanks for your reply. Unfortunately, I cannot say it helps, since this issue is suddenly resolved without anyone admitting to changing anything, so I'm waiting until it happens again.


0 Votes
StoyanChalakov answered

Hey Ronald,

Do you suspect it can indeed be related to SCOM?

Regards,
Stoyan


1 Vote
ronaldvandenberg-5545 answered

All I know is that it's definitively related to F-Secure, and SCOM was its victim.

But meanwhile I've heard that the F-Secure admin did do some more exclusion configuration than what I was aware of before, so it seems the solution is still in the part of excluding the SCOM processes and the health state folder, but apparently it needs to be done at more than 1 level.
