logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Performance Issues with MS Exchange Servers

App Control: Performance Issues with MS Exchange Servers

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Exchange Server: All Supported Versions

Symptoms

Long periods of high CPU usage by number of MS Exchange processes (e.g. msexchangerepl.exe) that are causing performance bottlenecks and that can lead to temporary service disruptions

Cause

During high CPU utilization the App C agent driver (Parity.sys) is spending too much time holding up the MS Exchange processes in kernel mode while evaluating file operations against existing rules

Resolution

  1. Log in to the Console and navigate to Rules > Software Rules > Rapid Configs > Microsoft Exchange Server.
  2. Verify the Rapid Config is Enabled and applied to all relevant Policies.
  3. Reduce the number of Custom rules active on the Exchange Servers:
    • Isolate the Exchange Servers in a separate Policy
    • Ensure that Custom Rules meant for Desktop systems are not applied to the Exchange Server Policy
  4. If the performance issues continue, please add a set of Kernel Exclusions as recommended in this MS Exchange KB:
    1. Navigate to https://ServerAddress/agent_config.php > Add Agent Config: 
      Name: Exchange Process Exclusions (or something memorable)
Host ID: 0
Value:
kernelProcessExclusions=*\program files\microsoft\exchange server\v*\Microsoft.Exchange.*.exe:4194303,*\program files\microsoft\exchange server\v*\MSExchange*.exe:4194303,*\program files\microsoft\exchange server\v*\edgetransport.exe:4194303,*\program files\microsoft\exchange server\v*\hostcontrollerservice.exe:4194303,*\program files\microsoft\exchange server\v*\noderunner.exe:4194303

Platform: Windows
Status: Enabled
Create For: Select only the relevant Exchange Server Policy
    2. Save, and add another Agent Config: 
      Property Name: Exchange FileOp Exclusions (or something memorable)
Host ID: 0
Value:
kernelFileOpExclusions=*.log:4194303,*.jsl:4194303,*.edb:4194303

Platform: Windows
Status: Enabled
Create For: Select only the relevant Exchange Server Policy
    3. Save the Agent Config and verify the relevant Agents show as Connected & Up to Date.
  5. Verify the Agents show as Connected & Up to Date then test for continued performance issues.

Additional Notes

  • Not every Exchange server will experience performance issues and the need to have the kernel exclusions applied
  • If unsure what exclusions are needed please collect agent logs then create support case for performance issues

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎08-18-2022
Views:
1046
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.