Isolation Steps

  1. Check which process encounters high CPU utilization:
    • Windows: Task Manager
    • Linux/HPUX: top output
    • Solaris: prstat output
    • AIX: topas output
  2. If ds_agent.exe is encountering high CPU usage, check the version and build of the agent. Make sure that it is the latest version.
  3. The CPU is being used for the cleanup of Integrity Monitoring baselines. This may cause a sudden increase in CPU usage. CPU usage should eventually go down once unused baselines have been purged.

    If the CPU usage continues, try disabling the agent and verify if the issue still occurs. If it does, refer to the information below for the logs to collect.

  4. To control the CPU usage of IM, go to Integrity Monitoring > Advanced.
  5. Under the CPU Usage section, set the Integrity Monitoring CPU Usage Level to Low.

  6. Check if there is a recommendation scan being performed. This may also increase CPU usage on target machines.

Logs to Collect for Further Troubleshooting

  • Debug View Log
    1. Download the DebugView utility.
    2. Stop the Trend Micro Deep Security Agent service.

      Note that you can only stop the agent after disabling self-protection.

    3. Under the C:\Windows directory, create a file named ds_agent.ini.
    4. Add the following line to the ds_agent.ini file:

      trace=*

    5. Launch DebugView.exe and enable the following under Menu > Capture:
      • Capture Win32
      • Capture Kernel
      • Capture Events
    6. Start the Trend Micro Deep Security Agent service.
    7. Check the Task Manager for the CPU usage on the machine. Take a screenshot of the Task Manager.
    8. Export the information in DebugView to a CSV file.
  • One of the following:
    • Screenshot of the Task Manager showing the CPU usage
    • Copy of syslog
    • Diagnostic package

Debugging steps for Linux:

  1. Create the ds_agent.conf file and add the debugging parameters:

    echo 'trace=*' >> /etc/ds_agent.conf
    echo 'dsa.log.maxSize=25' >> /etc/ds_agent.conf
    echo 'dsa.log.maxFiles=20' >> /etc/ds_agent.conf

  2. Restart the ds_agent service.
  3. To collect the diagnostic package, use the command:

    /opt/ds_agent/dsa_control -d
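
The `echo ... >>` commands in step 1 append a duplicate line every time they are re-run, and full tracing is easy to leave enabled once the diagnostic package has been collected. The following is an added example, not part of the original article or Trend Micro tooling: two shell functions that add the three debug lines only when they are missing and later remove exactly those lines. The function names and the removal step are assumptions of this example; the file path and settings are the ones from step 1.

```shell
#!/bin/sh
# Added example: idempotent toggle for the debug settings from step 1.
# Function names are hypothetical; only the path and keys come from the page.

DSA_DEBUG_LINES='trace=*
dsa.log.maxSize=25
dsa.log.maxFiles=20'

# enable_dsa_debug [conf]
# Append each debug line only if an identical line is not already present.
enable_dsa_debug() {
    conf="${1:-/etc/ds_agent.conf}"
    touch "$conf" || return 1
    # If the file does not end with a newline, add one so lines are not joined.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf '%s\n' "$DSA_DEBUG_LINES" | while IFS= read -r line; do
        # -x whole line, -F fixed string: the '*' in trace=* is not a pattern.
        grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
    done
}

# disable_dsa_debug [conf]
# Remove exactly the debug lines and keep every other setting.
# Limitation: a matching line that existed before enable_dsa_debug ran
# is removed as well.
disable_dsa_debug() {
    conf="${1:-/etc/ds_agent.conf}"
    [ -f "$conf" ] || return 0
    tmp="$conf.tmp.$$"
    rc=0
    printf '%s\n' "$DSA_DEBUG_LINES" | grep -vxFf - "$conf" > "$tmp" || rc=$?
    # grep exits 1 when nothing is left to print; only >1 is a real error.
    if [ "$rc" -gt 1 ]; then
        rm -f "$tmp"
        return 1
    fi
    # Write back through the original file to keep its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Run `enable_dsa_debug` in place of the three `echo` commands, continue with steps 2 and 3, and run `disable_dsa_debug` after the diagnostic package has been collected.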

Submit this information to Trend Micro Technical Support for further analysis and assistance.