Environment
- App Control: All Supported Versions
- Windows: All Supported Versions
Objective
Identify potential processes and paths that may help improve Agent performance with a PO (Performance Optimization) Rule
Resolution
- Capture the ProcMon logs by following these steps.
- In the resulting capture go to Tools > File Summary > By Path > sort the columns by Writes.
- Note the Paths with the most writes, as these may identify Specific Paths to use in the PO Rule.
- Double click on the Path with the most writes to filter by Path and determine the Process(es) writing there.
- To identify the Process Path, double click the Process Name > click the Process tab > copy the Path value.
- Use the resulting File Path(s) and Process(es) to create a PO Rule accordingly.
Additional Notes
- There is no guarantee that this will improve performance but it gives a starting place
- If needed a procmon and full performance logs may provide additional information into potential performance improvements
- A PO rule only ignores Reads, Writes, Creates and Renames not the execution of an application
- If a process is writing executables that are being ignored then another rule may be needed to allow them to execute
Related Content
