This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Resource utilization during scans

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Resource utilization during scans

RamyashreeMada
L3 Networker

‎11-14-2022 10:27 PM

Hello,

Generally what is the resource utilization (memory, CPU, etc. ) by the XDR agents during the scans.  

0 Likes Likes
3 REPLIES 3

neelrohit
L5 Sessionator

‎11-14-2022 11:21 PM

Hi @RamyashreeMada ,

 

This is highly dynamic by nature as it would depend upon the activity on the endpoint during the scan. If there are running processes which Cortex XDR needs to scan, the agent takes more CPU to examine those process hashes. Many a times, this effort fails and hence the agent shows the scan status as "Completed with partial success" upon completion. 

 

It also depends upon how many unique hashes are present on the endpoint for hash verdict determination and recieve the verdict from Wildfire cloud. Hence, it is not static by nature. However, the agent has a soft tuning by default to lower the usage of the Cortex XDR running process using Adaptive Policy Exception to monitor and lower the usage count every 30 minutes, which should bring it down to 5-10%.

 

Hope that answers your question!

 

 

0 Likes Likes

PC-TomS
L3 Networker
In response to neelrohit

‎03-10-2023 02:46 PM

I'd like more information about Adaptive Policy Exception.  We encountered issues with CPU, RAM on some of our servers and are trying to tune the policies and exceptions to calm things down.

 

Thanks

0 Likes Likes

neelrohit
L5 Sessionator
In response to PC-TomS

‎03-10-2023 07:29 PM

Hi @PC-TomS ,

 

Adaptive policy exception is not something we can fine tune ourselves as it is designed to monitor resource utilisation activities on the endpoints during normal operating procedure of the agent and if encountered, the agent starts disabling modules to release the resources(if any). It also is a mechanism to consolidate that the agent itself is not the contributor or culprit to the utilisation problem on the endpoint.

0 Likes Likes
  • 2756 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks