#/opt/ds_agent/sendCommand --get GetConfiguration | grep SENSOR <PackageItem filename='Feature-SENSOR-RedHat_EL8-20.0.0-4416.x86_64.dsp' hashalg='sha256' hash='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXC3BA32E4BBB5E6AC9C1FD' size='2499' is='dsp'/> <Feature name='SENSOR' state='0'/>

#/opt/ds_agent/sendCommand --get GetConfiguration | grep Udso <SensorDataSetting sensorActivityEnabled='true' activityDataFormat='0' activityDebugMode='2' c1wsIocEnabled='false' filteringRulesOverride='' v1UdsoEnabled='false' sensorIndicatorEnabled='false'/>

High CPU utilization for the ds_am process after enabling Threat Intelligence in Cloud One - Workload Security

Product / Version includes:

Cloud One - Endpoint and Workload SecurityAll

Last updated: 2024/05/21

Solution ID: KA-0013008

Category: Troubleshoot

Summary

Customers that are using the Deep Security Agent(DSA) version 20.0.0-3964 or higher, and have enabled the Threat Intelligence(TI) feature may encounter an increase in CPU utilization for the ds_am process on their Linux machines. In this feature, there is a mutex lock protection which can result to waiting or busy state of a resource and CPU utilization increase. This should not impact the security functionality of the agent but if the performance of the server is impacted, you may follow the mitigation steps below.

Mitigation Steps

Login to the Cloud One - Workload Security console.
Navigate to the Administration Tab > System Settings > Threat Intelligence and uncheck the Trend Micro Vision One Suspicious Object Management to disable this feature
Disable the Activity Monitoring Module either directly on the affected Computer's Properties or in the Policy.
Make sure to initiate the Send Policy again to all of hosts
Once the Activity Monitoring and Threat Intelligence are disabled on the agent, the CPU utilization should go back to normal
Re-enable the Activity Monitoring Module either from the Computer Properties or Policy to continue using the integration with Vision One.

To verify that you have successfully disabled the Activity Monitoring execute the following command

#/opt/ds_agent/sendCommand --get GetConfiguration | grep SENSOR
   <PackageItem filename='Feature-SENSOR-RedHat_EL8-20.0.0-4416.x86_64.dsp' hashalg='sha256' hash='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXC3BA32E4BBB5E6AC9C1FD' size='2499' is='dsp'/>
   <Feature name='SENSOR' state='0'/>

To verify that you have successfully disabled the Threat Intelligence execute the following command

#/opt/ds_agent/sendCommand --get GetConfiguration | grep Udso
 <SensorDataSetting sensorActivityEnabled='true' activityDataFormat='0' activityDebugMode='2' c1wsIocEnabled='false' filteringRulesOverride='' v1UdsoEnabled='false' sensorIndicatorEnabled='false'/>

Official Fix

The fix will be included in the next DSA release (2022-05)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

High CPU utilization for the ds_am process after enabling Threat Intelligence in Cloud One - Workload Security

High CPU utilization for the ds_am process after enabling Threat Intelligence in Cloud One - Workload Security

Product / Version includes:

Summary