Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XDR high CPU on a windows VDI workstation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR high CPU on a windows VDI workstation

L0 Member

We are having some performance issues, with cortex xdr eating up cpu during VDI bootup. We installed agent on a non-persistant VDI, and followed recommended config settings and also followed appvolume recommendation. 

I checked task manager and found that during boot up, it seems cortex xdr is competing with Defender in cpu consumption, defender is in passive mode. How do I make an exception in cortex to not compete with defender. 

4 REPLIES 4

Cyber Elite
Cyber Elite

@marlon333,

Little lost in what you mean by XDR is competing with Defender? At boot, Cortex XDR and Defender both naturally utilize higher CPU resources as they start and analyze everything else your machine is doing as parent processes spawn child processes all over the place. What exactly are you seeing on these machines? 

Thanks for the input BPry, I apologize for the misunderstanding. Our VDI desktop environment is having issues with CPU consumption at 100% during bootup. Defender is in passive mode but consuming 25% of cpu and Cortex is CPU consumption is very high above 50%, bootup is taking a longtime. I was wondering if there is an exemption solution for example, defender process exe and or folder paths for defender. 

Cyber Elite
Cyber Elite

@marlon333,

So I just want to point out that PAN actually recommends disabling or removing Windows Defender to avoid performance issues. This should happen automatically for everything except servers where it can't disable it automatically and you need to manually do that. 

You can add an exception through a global process exception if you want to give that a go. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-Globa...

L0 Member

We were seeing the same issue. We had services that were not starting, defender service was stuck on stopping, the CPU usage was really high and the VDI's would not register. 

 

I saw in the release notes for 8.1.1 that it included this fix (which was released August 14th, not long after the August 1st release) 

CPATR-20862

Fixed an issue that may impact performance on VDI systems during boot up.

 

Since upgrading the agent to 8.1.1 we are no longer seeing the issue. 

 

Thanks

  • 4350 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!