Hi @RamyashreeMada ,
This is highly dynamic by nature as it would depend upon the activity on the endpoint during the scan. If there are running processes which Cortex XDR needs to scan, the agent takes more CPU to examine those process hashes. Many a times, this effort fails and hence the agent shows the scan status as "Completed with partial success" upon completion.
It also depends upon how many unique hashes are present on the endpoint for hash verdict determination and recieve the verdict from Wildfire cloud. Hence, it is not static by nature. However, the agent has a soft tuning by default to lower the usage of the Cortex XDR running process using Adaptive Policy Exception to monitor and lower the usage count every 30 minutes, which should bring it down to 5-10%.
Hope that answers your question!
Hi @PC-TomS ,
Adaptive policy exception is not something we can fine tune ourselves as it is designed to monitor resource utilisation activities on the endpoints during normal operating procedure of the agent and if encountered, the agent starts disabling modules to release the resources(if any). It also is a mechanism to consolidate that the agent itself is not the contributor or culprit to the utilisation problem on the endpoint.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!