Virtual Advanced Threat Defense constantly shows high memory usage and the Email Connector is unstable
Last Modified: 2023-02-24 11:09:29 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Virtual Advanced Threat Defense constantly shows high memory usage and the Email Connector is unstable
Technical Articles ID:
KB94639
Last Modified: 2023-02-24 11:09:29 Etc/GMT Environment
Virtual Advanced Threat Defense (vATD) Virtual Intelligent Sandbox (vIS) Problem 1
vATD/vIS constantly shows high memory usage in monitoring systems, including Dashboard, SNMP polling, SNMP trap reports, and Problem 2
Email Connector becomes unstable. It exhibits one or more of the following symptoms in a busy email environment:
CauseThe deployment package installs vATD/vIS to your hypervisor host with a default memory size of 32 GB. This memory size setting determines the upper limit of memory space that vATD/vIS can use.
vATD/vIS has evolved to support recent Windows 10 builds. We've observed that the recent Windows 10 build tends to use more memory space. In the back-end of vATD/vIS, the Windows sandbox VM is created with a fixed memory space as 3 GB. vATD allows creating 8 licenses of Windows 10 Sandbox VM, which in total use 24 GB of memory out of the 32 GB limit. The Email Connector is implemented as a VM running on the hypervisor. Email Connector VM runs in parallel with other Windows Sandbox VMs and is created with a fixed memory space of 4 GB. In a busy environment, resource usage inside the Email Connector VM becomes high. This resource usage can lead to services and the entire system stopping reponding (crashing). vATD/vIS has a resource usage warning feature, which raises a warning at 75% memory usage by default. For example, you have 7 Windows 10 Sandbox VMs and an Email Connector on vATD/vIS. The total memory space used for the VMs is 7 × 3 + 4 = 25 GB. This 25 GB usage reaches the Windows 10 memory usage threshold. In the back-end, there are several other mission-critical services. These services include database and web server, which run concurrently and also require memory space. These processes also require a certain amount of memory space. In these scenarios, the default 32 GB memory size isn't sufficient for smooth operation and you see the following issues:
Solution 1
We've tested and verified that you can extend the vATD/vIS memory from its default 32 GB. We recommend 48 GB for a vATD/vIS installation, which has 7 licenses of Windows 10 Sandbox VM and Email Connector installation. To increase the memory size of your vATD/vIS, perform the steps below:
Solution 2
Technical Support can change the memory size of the Email Connector VM over a remote session. If you experience this issue, create a Service Request, include this article number in the "Problem Description" field, and request for a remote session. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
IMPORTANT: Make sure to increase your vATD/vIS memory in your host as per the first solution, before requesting the remote session. Affected ProductsLanguages:This article is available in the following languages: |
|