masvc.exe process consumes a large amount of memory since the ENS policy count is high
Last Modified: 2023-01-17 09:31:39 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
masvc.exe process consumes a large amount of memory since the ENS policy count is high
Technical Articles ID:
KB96272
Last Modified: 2023-01-17 09:31:39 Etc/GMT Environment
Trellix Agent (TA) 5.7.8, 5.7.7 Endpoint Security (ENS) Platform June 2022 Update (10.7.0.3468) or later ENS Threat Prevention June 2022 Update (10.7.0.3497) or later For details of ENS-supported platforms, see KB82761 - Supported platforms for Endpoint Security. Summary
The NOTE: High memory consumption is observed only in the ENS Platform and ENS Threat Prevention environments with TA 5.7.8.x, 5.7.7.x systems. However, if systems are installed with ENS - All Products, you don't see this issue. Problem
The 2023-01-10 17:42:30.438 masvc(14612.4160) policy.Debug: Get Policies Handle 2023-01-10 17:42:30.438 masvc(14612.4160) policy.Debug: Policies getting from db 2023-01-10 17:42:30.454 masvc(14612.4160) policy.Debug: Policies count <686> 2023-01-10 17:42:30.454 masvc(14612.4160) policy.Trace: Preparing the reply message with request status <0> 2023-01-10 17:42:30.454 masvc(14612.4160) msgbus.Trace: Server <ma.service.policy> now submitting loop work item to post the client response, destination name: <ma.internal.request.00003068.3>, pid: <12392> 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Received policy request type <prop.value.get_policies_request> from <MVEDR___3000> 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Get Policies Handle 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Policies getting from db 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Policies count <1> 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Received policy request type <prop.value.get_policies_request> from <EPOAGENT3000> 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Get Policies Handle 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Policies getting from db 2023-01-10 17:43:43.172 masvc(14612.4160) policy.Debug: Policies count <8> The 2023-01-02 11:10:08.785Z |Error |MaSpb |mfetp | 12392| 8240|MaSpb |msgbus_EnforcePolicies.cpp(2175) | Failed to enforce ODS policies. Error: 0xfffe 2023-01-02 11:10:08.973Z |Error |MaSpb |mfetp | 12392| 8240|MaSpb |msgbus_EnforceBOPolicies.cpp(1225) | BO Rule settings are missing: RuleID 2023-01-02 11:17:15.285Z |Error |AMSI |Cmf.Foundation.Services.HostSer| 11540| 472|AMSI |ProviderHelper.cpp(374) | GetProcessName - OpenProcess for pid: 792 failed: 0x5 2023-01-02 11:17:15.504Z |Error |AMSI |Cmf.Foundation.Services.HostSer| 11540| 472|AMSI |ProviderHelper.cpp(374) | GetProcessName - OpenProcess for pid: 792 failed: 0x5 Cause
The ENS product creates duplicate requests. As a result, a large number of requests is sent to SolutionWe investigated this issue and a Proof of Concept (POC) Build is currently available to resolve the issue. To obtain the POC Build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
Affected ProductsLanguages:This article is available in the following languages: |
|