Troubleshooting - Performance issues on an agentless virtual machine
Cause: Limited resources
- Make sure that Deep Security Virtual Agent resource is reserved from settings.
- Ensure that the deployment has met the requirements specified in the installation instructions.
- On Deep Security Manager, go to Computers.
- Double-click the protected computer.
- For Anti-Malware, select Off.
Cause: Network traffic
- Add scan exclusions for locations that are known to reduce performance without improving security. For details, see Recommended scan exclusion list for Trend Micro Endpoint products in OfficeScan (OSCE).
The thin driver exclusion is case-sensitive.
- Change the policy setting for the virtual machine to None.
Cause: High CPU
- Identify which Deep Security Virtual Agent has high CPU usage.
- Go to the vCenter console, click each Deep Security Virtual Agent and select Performance to identify the machine with high CPU usage.
- Run the hop tool to determine which process is consuming most of the CPU usage.
- Identify the high CPU process memory consumption.
- Execute the following to check the process memory status: #cat /proc/$PID/status(Replace $PID with your own PID.)
- Verify that the vmsize is reasonable.
- Export the content to a log file using this command:
#cat /proc/$PID/status > /tmp/HighCPUProcessMemeory.txt
#sudo lsof –p $PID > /tmp/HighCPUProcessOpenedFile.t
- Check if the Deep Security Virtual Agent has enough free memory.
- Run the command cat /proc/meminfo to identify the Deep Security Virtual Agent system free memory.
- Run the command cat /proc/meminfo > /tmp/DSVAMemory.txt to export the content to a log file.
Cause: Security Update
- Check the connection between the relay and its update source or proxy server.
- Verify if you need to use a proxy server or not.
- Log into the Deep Security, go to Administration > System Settings > Proxy, and confirm that the configuration settings are correct.
- Perform a ping test between the agent and the relay-enabled agent.
- Make sure that the relay port number is open by using telnet [relay IP] [port number].
- Test the DNS and check if the host name of the relay can be resolved.
- Check if any firewalls are blocking the communication and disable them if they are.
- Unassign the current policy and check if the issue still persists.