Environment
- App Control (formerly CB Protection): All Versions
Symptoms
- Performance delays often coupled with High CPU
- Extreme delay in installing updates or new software.
Cause
The cause of this is a <Sha256> macro being added to a Write rule. This macro should never be used in a Write type rule, as hashes cannot be gathered till after the file has been written. Meaning every write regardless of file type has to be analyzed against this rule.
Resolution
Remove or disable the Sha256 macro in the rule.
Additional Notes
A code change has been created to make these types of rules impossible to create. This change as referenced as EP-5294 will be included in the release notes for the versions that have this change.
Related Content
