Issue:
A large amount of Trusted File List information has been known to cause high CPU usage on the core server.
An indicator of this would be high CPU usage showing Task Manager on the Core server for the W3WP.EXE process serving the "LDAppVulnerability" IIS application pool.
Another indicator may be TrustedFileList*.XML files collecting in the LDLOGON\Agentbehaviors folder on the core server.
Cause:
Several things can contribute to the high Trusted File list activity coming from the Endpoint Security clients.
- Too many clients in learning mode.
When deploying Endpoint Security it is recommended to set only a token number of computers into learning mode. Those computers in learning mode should be chosen based on the usage needs.
Such as Department, Function of the computers, etc. If all computers are set to learning mode, this can result in a large amount of EPS activity being sent back to the core server. - Shadow Copy activity logging turned on.
The tracking of Shadow Copy activity will send a large amount of information from the clients to the core server.
Resolution:
Currently all Endpoint Security activity is processed on the core server by the WSVulnerabilityCore web service through the LDAppVulnerability application pool.
Steps can be taken to optimize IIS to help optimize throughput. Keep in mind that when IIS throughput is high, the database on the back end must be capable of keeping with the increased activity.
In addition, LANDesk has created some optimizations to the processing of EPS data that will be available in Service Pack 2 for LDMS 9.5.