High CPU utilization on machines with Deep Security Agent (DSA)

Product / Version includes:

Deep Security11.1 , Deep Security11.2 , Deep Security20.0 , Deep Security11.0 , Deep Security10.2 , Deep Security10.1 , Deep Security10.0 , Deep Security12.0 , Deep SecurityAll , Deep Security10.3

Last updated: 2021/11/09

Solution ID: KA-0002329

Category: Troubleshoot

Summary

Check the items to isolate and troubleshoot the issue of high CPU usage on a Deep Security Agent machine.

Isolation Steps

Check which process encounters high CPU utilization:
- Windows: Task Manager
- Linux/HPUX: top output
- Solaris: prstat output
- AIX: topas output
If ds_agent.exe is encountering high CPU usage, check the version and build of the agent. Make sure that it is the latest version.
The CPU is being used for the cleanup of Integrity Monitoring baselines. This may cause a sudden increase in CPU usage. CPU usage should eventually go down once unused baselines have been purged.
If the CPU usage continues, try disabling the agent and verify if the issue still occurs. If it does, refer to the information below for the logs to collect.
To control the CPU usage of IM, go to Integrity Monitoring > Advanced.
Under CPU Usage section, set the Integrity Monitoring CPU Usage Level to Low.
Check if there is a recommendation scan being performed. This may also increase CPU usage on target machines.

Logs to Collect for Further Troubleshooting

Debug View Log
1. Download the DebugView utility.
2. Stop the Trend Micro Deep Security Agent service.
  
  Note that you can only stop the agent after disabling the self-protection.
3. Under C:\Windows directory, create a file named ds_agent.ini.
4. Add the following information under the ds_agent.ini file:
  trace=*
5. Launch DebugView.exe and enable the following under Menu > Capture:
  - Capture Win32
  - Capture Kernel
  - Capture Events
6. Start the Trend Micro Deep Security Agent service.
7. Check the Task Manager for the CPU usage on the machine. Take a screenshot of the Task Manager.
8. Export the information in DebugView to a CSV file.
One of the following:
- Memory dump (Windows). Follow this article: Forcing a System Crash from the Keyboard
- Core file (Linux/HPUX/Solaris/AIX)
One of the following:
- Perfmon log (Windows). Follow the steps in this article: How to create a log using System Monitor in Windows
- Linux/HPUX: Top output
- Solaris: prstat output
- AIX: topas output
Screenshot of the Task Manager showing the CPU usage
Copy of syslog
Diagnostic package

Debugging steps for Linux:

Create ds_agent.conf file and add debugging parameters:
echo 'trace=*' >> /etc/ds_agent.conf
echo 'dsa.log.maxSize=25' >> /etc/ds_agent.conf
echo 'dsa.log.maxFiles=20' >> /etc/ds_agent.conf
Restart ds_agent service.
To collect diagnostic package, use the command:
/opt/ds_agent/dsa_control -d

Submit these information to Trend Micro Technical Support for further analysis and assistance.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

High CPU utilization on machines with Deep Security Agent (DSA)

High CPU utilization on machines with Deep Security Agent (DSA)

Product / Version includes:

Summary