App Control: Parity.exe spikes the CPU to 99% once an hour for a short period of time (15 seconds) on Windows endpoints

Environment

  • App Control Windows Agent: All Versions
  • Windows OS: All Supported Versions

Symptoms

  • Parity.exe spikes the CPU to 99% once an hour for a short period of time (15 seconds)
  • Procmon capture during the CPU spike shows sequential reads for cache.db and writes to cache.chk
  • Events like "12:25:34 458137280 (2AC4) - CacheDatabase: Performing periodic backup" are written in the Trace.bt9 diagnostic file during the CPU spike

Cause

The agent is designed to take an hourly backup of the cache and create/update the cache.chk file locally on the endpoint. This is a designed function for agent health.

Resolution

The agent cache is a necessary part of the product, and the impact of each backup cannot be reduced. However, the backup interval can be increased so that the backup runs less often.
  1. Open a browser to https://<servername>/agent_config.php
  2. Click "Add Agent Config"
    1. Name: Server Backup Frequency
    2. Host ID: 0 <Used for All Endpoints, or use the ID reference from the host details page address>
    3. Value: cache_backup_seconds=<time between backup in seconds, e.g. for two hours, set a value of 7200>
    4. Platform: Windows
    5. Status: Enabled

Additional Notes

  • The default value for cache_backup_seconds is 3600 seconds
  • The CPU spike might happen while parity.exe is scanning .msi files, but this is part of the verification process for installers during the backup.
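
To confirm that the spikes line up with the cache backup and that a changed cache_backup_seconds value has taken effect, the backup events in a trace can be timed against the configured interval. The following is an added example, not vendor code; it assumes the trace has been exported as text lines in the layout of the event quoted under Symptoms, and every sample line except the first is constructed.

```python
import re

# Layout inferred from the one event quoted in this article (an assumption):
#   HH:MM:SS <number> (<hex id>) - CacheDatabase: Performing periodic backup
BACKUP_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+\d+\s+\([0-9A-Fa-f]+\)\s+-\s+"
    r"CacheDatabase: Performing periodic backup\s*$"
)

def backup_times(lines):
    """Seconds since midnight of the first day for each backup event."""
    times, day_offset = [], 0
    for line in lines:
        m = BACKUP_RE.match(line.strip())
        if not m:
            continue  # unrelated trace entry
        h, mi, s = map(int, m.groups())
        t = h * 3600 + mi * 60 + s + day_offset
        # The stamp carries no date: a backwards jump means midnight passed.
        if times and t < times[-1]:
            day_offset += 86400
            t += 86400
        times.append(t)
    return times

def backup_intervals(lines):
    """Seconds between consecutive backup events."""
    t = backup_times(lines)
    return [b - a for a, b in zip(t, t[1:])]

def off_schedule(lines, expected_seconds, tolerance=60):
    """Intervals that differ from cache_backup_seconds by more than tolerance."""
    return [i for i in backup_intervals(lines)
            if abs(i - expected_seconds) > tolerance]

# First line is the event quoted in the article; the rest are constructed.
SAMPLE = [
    "12:25:34 458137280 (2AC4) - CacheDatabase: Performing periodic backup",
    "12:25:49 458152280 (2AC4) - Constructed: unrelated entry",
    "13:25:35 461737281 (2AC4) - CacheDatabase: Performing periodic backup",
    "15:25:36 468937282 (2AC4) - CacheDatabase: Performing periodic backup",
    "17:25:36 476137282 (2AC4) - CacheDatabase: Performing periodic backup",
]

if __name__ == "__main__":
    print("intervals (s):", backup_intervals(SAMPLE))
    print("not matching 7200 s:", off_schedule(SAMPLE, 7200))
```

In the constructed sample the first interval still reflects the 3600-second default and the later ones the 7200-second setting, so only the first is reported as off schedule.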

Creation Date: 02-11-2021