Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2103
Views
0
Helpful
4
Replies

CSA - Leventmgr.exe occupying 98-100% resources

pemasirid
Level 1
Level 1

‎10-29-2010 09:13 AM - edited ‎03-09-2019 11:14 PM

Hi

We are running CSA MC (ver 6.0.2.130) with most of the windows policies on Audit mode in order to understand the system behavior then move to live mode. Now we are experiencing PC problems with leventmgr.exe using up 99% CPU on workstations. This started getting after we deployed CSA on those desktop PCs. In addition to above issue we also getting complain about some of the system which runs CSA is getting slow.

Can someone advise whether we are hitting any bug or missing any patch?.


Regards

Labels:
0 Helpful
4 Replies 4

jan.nielsen
Level 7
Level 7

‎10-29-2010 03:54 PM

I'm pretty sure there was a bug concerning leventmgr cpu usage. I will look through my mails and get back to you, you could try the bug navigator also.

0 Helpful

pemasirid
Level 1
Level 1
In response to jan.nielsen

‎10-29-2010 10:49 PM

Thanks a lot Jan for your reply. I would really appreciate if you could find me the bug ID for this. I have already checked on boot navigator but still couldnt find any bug related to this issue?.

0 Helpful

jan.nielsen
Level 7
Level 7
In response to pemasirid

‎10-31-2010 02:03 PM

Just checked my mails, the issue was something with validating certificate signatures on executables, so on a file copy it would spike leventmgr.exe which is doing the actual validation. It was solved though in 6.0.1 already, so you are probably looking at another bug, you should open a TAC case i think. One thing you could check though is if you have many applications in you untrusted apps list on the client, this can result on alot of processing time used by leventmgr in my experience.

Jan

0 Helpful

tsteger1
Level 8
Level 8
In response to jan.nielsen

‎11-03-2010 02:11 PM

It could be this bug which was found in 6.0.2.126 and is not fixed:

CSCtg98849 Bug Details

CSA: Windows Login Hangs or Takes Excessive Time with CSA Enabled

Symptom:
Logging into a Windows host can take an excessive amount of time, or result in a black screen with only a mouse pointer visible.

Conditions:
Windows host is protected by Cisco Security Agent with a default policy associated or any policy that includes the "Base - Basic Application Classification" policy.

Workaround:
Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents