Hello,
I have a system running workloads that is sensitive to CPU usage. The primary users have raised an issue that our currently applied XDR profile is causing detrimental delays in job processing. I confirmed this by disabling the agent to observe baseline activity. The current profile/policy has Exploit and Malware prevention set to "monitor only". Posting here hoping for some recommendations on how to address the performance issues, as I'm not the most familiar with Cortex XDR yet. The system pulls reports from internal NAS, combines them using a variety of batch jobs, and sends them off. The user provided the following description when I inquired about process exclusions: As far as "processes" go, the primary processes are the Poster process, which is a number of batch scripts and PosterWatcher.exe. The scripts that make up the batch processing system, Poster.cmd and PostForm.cmd, primarily use built-in commands and executables. It's also possible that they call MQRequestClient.exe. There is also NT.Combine.cmd, which primarily also uses built-in commands.
Given the context, what would be some appropriate strategies to exclude some of the sensitive workloads? I don't want to take a blunt approach such as whitelisting cmd.exe completely. Thanks in advance! Jesse
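As an added example (not part of the original post, and not Cortex XDR's own tooling or exclusion syntax), here is a Python sketch of how to turn a process tree captured from the Poster system into narrowly scoped exclusion candidates: cmd.exe is paired with the specific script it ran rather than excluded outright. The event records, pids and paths are constructed, and how a given XDR product expresses such exclusions is not shown.

```python
from collections import defaultdict
# Interpreters that must never be excluded on their own; a bare exclusion would cover every script on the host.
GENERIC_INTERPRETERS = {"cmd.exe", "powershell.exe", "cscript.exe", "wscript.exe"}

# Constructed process-creation events (pid, parent pid, image path, command line); paths and pids are invented.
EVENTS = [
    (100, 1,   r"D:\Poster\PosterWatcher.exe", r"D:\Poster\PosterWatcher.exe"),
    (101, 100, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "D:\Poster\Poster.cmd" 20240101'),
    (102, 101, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "D:\Poster\PostForm.cmd" form1'),
    (103, 102, r"C:\Windows\System32\findstr.exe", r"findstr /i total D:\Poster\in\report.txt"),
    (104, 101, r"D:\Poster\bin\MQRequestClient.exe", r"MQRequestClient.exe -q POSTER.OUT"),
    (105, 100, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "D:\Poster\NT.Combine.cmd"'),
    (106, 105, r"C:\Windows\System32\robocopy.exe", r"robocopy \\nas\reports D:\Poster\in *.csv"),
    # cmd.exe from an unrelated interactive session: must not appear in the output.
    (200, 50,  r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "C:\Users\bob\other.cmd"'),
]

def script_from_cmdline(cmdline):
    """Return the .cmd/.bat path an interpreter was launched with, or None."""
    for tok in cmdline.replace('"', " ").split():
        if tok.lower().endswith((".cmd", ".bat")):
            return tok
    return None

def candidate_exclusions(events, root_image):
    """Walk the process tree below every process whose image name is root_image and
    return sorted (image_path, script_or_None) exclusion candidates. Generic
    interpreters are only reported together with the script they ran."""
    children, by_pid = defaultdict(list), {}
    for pid, ppid, image, cmdline in events:
        children[ppid].append(pid)
        by_pid[pid] = (image, cmdline)
    stack = [pid for pid, (img, _) in by_pid.items()
             if img.rsplit("\\", 1)[-1].lower() == root_image.lower()]
    found = set()
    while stack:
        pid = stack.pop()
        image, cmdline = by_pid[pid]
        if image.rsplit("\\", 1)[-1].lower() in GENERIC_INTERPRETERS:
            script = script_from_cmdline(cmdline)
            if script:  # interpreter plus its specific script, never the interpreter alone
                found.add((image, script))
        else:
            found.add((image, None))  # dedicated binary: exclude by full image path
        stack.extend(children[pid])
    return sorted(found)

if __name__ == "__main__":
    for image, script in candidate_exclusions(EVENTS, "PosterWatcher.exe"):
        print(image, "->", script or "(exclude by full image path)")
```

The output is a review list for the XDR administrator; each entry can then be tightened further (path, signer or hash) in whatever form the product's exclusion rules take.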