Cisco Support Community
Community Member

CSA - Leventmgr.exe occupying 98-100% resources


We are running CSA MC (ver with most of the windows policies on Audit mode in order to understand the system behavior then move to live mode. Now we are experiencing PC problems with leventmgr.exe using up 99% CPU on workstations. This started getting after we deployed CSA on those desktop PCs. In addition to above issue we also getting complain about some of the system which runs CSA is getting slow.

Can someone advise whether we are hitting any bug or missing any patch?.



Re: CSA - Leventmgr.exe occupying 98-100% resources

I'm pretty sure there was a bug concerning leventmgr cpu usage. I will look through my mails and get back to you, you could try the bug navigator also.

Community Member

Re: CSA - Leventmgr.exe occupying 98-100% resources

Thanks a lot Jan for your reply. I would really appreciate if you could find me the bug ID for this. I have already checked on boot navigator but still couldnt find any bug related to this issue?.

Re: CSA - Leventmgr.exe occupying 98-100% resources

Just checked my mails, the issue was something with validating certificate signatures on executables, so on a file copy it would spike leventmgr.exe which is doing the actual validation. It was solved though in 6.0.1 already, so you are probably looking at another bug, you should open a TAC case i think. One thing you could check though is if you have many applications in you untrusted apps list on the client, this can result on alot of processing time used by leventmgr in my experience.



Re: CSA - Leventmgr.exe occupying 98-100% resources

It could be this bug which was found in and is not fixed:

CSCtg98849 Bug Details

CSA: Windows Login Hangs or Takes Excessive Time with CSA Enabled

Logging into a Windows host can take an excessive amount of time, or result in a black screen with only a mouse pointer visible.

Windows host is protected by Cisco Security Agent with a default policy associated or any policy that includes the "Base - Basic Application Classification" policy.

Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts


CreatePlease to create content