High CPU utilization by mfefw.exe during policy enforcement
Last Modified: 2021-12-09 22:37:42 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
High CPU utilization by mfefw.exe during policy enforcement
Technical Articles ID:
KB93208
Last Modified: 2021-12-09 22:37:42 Etc/GMT Environment
Endpoint Security (ENS) Firewall 10.x
Problem
There’s high CPU utilization with the ENS Firewall Business Object Hosting server ( Cause
This issue occurs when the ENS Firewall rules policy contains one or more Adaptive rules or user-defined rules with hundreds to thousands of single IP addresses included under local network or remote network. As a result, the size of the policy increases and there’s a long delay in fully completing the policy enforcement to the ENS Firewall Business Object Hosting server. NOTE: The same issue can occur if the ENS Firewall Options policy has hundreds of IP addresses as trusted networks or trusted executables. Here's an example of what the ENS Firewall debug log ………. 2020-07-02 18:11:13.980Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed. … 2020-07-02 18:20:07.670Z|Debug |FirewallBL |mfefw | 5412| 6528|FIREWALL |FWRulePolicyContainer.cpp(928) | RulePolicyContainer::EnforcePolicy begin. ………. 2020-07-02 18:26:14.238Z|Debug |FirewallBL |mfefw | 5412| 6528|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed. … 2020-07-02 18:35:08.438Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(928) | RulePolicyContainer::EnforcePolicy begin. ………. 2020-07-02 18:41:18.092Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed. Solution
To resolve the issue:
Affected ProductsLanguages:This article is available in the following languages: |
|