Overview
High CPU utilization may unexpectedly affect one or more servers or network elements, potentially degrading performance or causing resource contention. This issue can arise even without any configuration or application changes. When the increase is abrupt and not linked to native application processes, it is often essential to investigate operating system-level or third-party agent activity. Understanding the origin of such resource usage is critical for maintaining system stability and performance.
Solution
A common root cause of unexpected high CPU usage is third-party endpoint protection or security agent processes. These are often introduced by system-level security tools and may not be part of the core application stack. The following steps outline how to identify and mitigate such issues:
- Identify the Top CPU-Consuming Process:
  - Use the top command or system monitoring tools to determine which process is consuming the most CPU.
  - Note the process name, PID, and user under which it is running.
- Investigate the Process Origin:
  - Research the identified process (e.g., xagt, savservice, etc.) to determine whether it is part of a third-party tool such as FireEye/Trellix, Symantec, McAfee, etc.
  - Verify whether it is part of your standard endpoint security policies.
- Check System Logs for Anomalies or Restarts:
  - Review /var/log/messages or equivalent system logs for any restarts or abnormal behavior by the identified process.
  - Correlate log timestamps with the observed CPU utilization spike.
- Engage OS or Security Administration Team:
  - If the process is external to the application stack, coordinate with the OS or endpoint security team to:
    - Validate the process's normal behavior.
    - Determine if recent updates or scans triggered the spike.
    - Optimize, limit, or reschedule the process to reduce system impact.
- Preventative Monitoring and Documentation:
  - Implement continuous monitoring to detect similar anomalies proactively.
  - Document process behavior patterns to differentiate expected vs. abnormal activity in the future.
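The first three steps can be scripted as below. This is an added example, not part of the original article or any vendor tooling: the function names, the sample ps and syslog text (constructed), and the assumption that the log uses the standard /var/log/messages line layout are all illustrative.

```shell
# Added example; helper names and sample data are assumptions, not vendor tooling.
AGENTS="xagt savservice"   # names from the article; extend per your security policy

# Constructed sample input (not from a real host).
SAMPLE_PS='  PID USER     %CPU COMMAND
 1423 appuser   3.1 java
 2114 root     96.4 xagt
  987 root      0.3 sshd'
SAMPLE_LOG='Mar  4 02:11:07 host01 systemd[1]: Started Session 41 of user appuser.
Mar  4 02:14:52 host01 xagt[2114]: agent restarted
Mar  4 02:15:03 host01 xagt[2114]: scan started
Mar  4 09:30:00 host01 xagt[2114]: heartbeat'

# stdin: `ps -eo pid,user,pcpu,comm` output with header; prints the top CPU row.
top_cpu() {
    awk 'BEGIN { max = -1 }
         NR > 1 && $3 + 0 > max { max = $3 + 0; line = $1 " " $2 " " $3 " " $4 }
         END { if (line != "") print line }'
}

# Exit status 0 if process name $1 is on the known-agent list.
is_agent() {
    for a in $AGENTS; do [ "$a" = "$1" ] && return 0; done
    return 1
}

# stdin: syslog lines in /var/log/messages format. Prints lines logged by
# process $1 within $3 minutes of spike time $2 (HH:MM, same day, no midnight wrap).
log_near_spike() {
    awk -v p="$1" -v t="$2" -v w="$3" '
        BEGIN { split(t, s, ":"); spike = s[1] * 60 + s[2] }
        {
            split($3, h, ":"); m = h[1] * 60 + h[2]
            tag = $5; sub(/\[.*/, "", tag); sub(/:.*/, "", tag)  # "xagt[2114]:" -> "xagt"
            d = m - spike; if (d < 0) d = -d
            if (tag == p && d <= w) print
        }'
}

# $1 ps text, $2 log text, $3 spike HH:MM, $4 window in minutes.
triage() {
    hit=$(printf '%s\n' "$1" | top_cpu)
    name=${hit##* }
    if is_agent "$name"; then kind="known agent"; else kind="not on agent list"; fi
    echo "top: $hit ($kind)"
    printf '%s\n' "$2" | log_near_spike "$name" "$3" "$4"
}

triage "$SAMPLE_PS" "$SAMPLE_LOG" 02:15 5
```

On a live host, pipe `ps -eo pid,user,pcpu,comm` into top_cpu and the contents of /var/log/messages into log_near_spike instead of the sample variables. A top process reported as "not on agent list" needs its origin verified against your endpoint security policy before it is treated as expected agent activity.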
Proactively managing and monitoring third-party processes ensures that critical systems remain performant and secure, minimizing unplanned downtime and service disruptions.
<supportagent>Related Ticket: #60036476</supportagent>
Deepanshu Dewan