Endpoint Protection Service
Answers
-
Hello @MikaK
Welcome to the F-Secure Community. Thank you for your comment.
We've reviewed your post, and based on the debug logs we've collected from some of our users, we've found that high CPU usage can often be caused by conflicting antivirus software installed on the same device, or even by other applications or processes crashing. We recommend checking our suggested steps to help address the issue. If the problem still persists after trying these steps, please let us know and share a debug log with us.
Thank you, and have a lovely day.
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters -
Hi,
I'm leaving the rest of the thread to the capable hands of our support but if you're talking about file-signing certificates, the regular expectation that you have with web pages needing to have not expired certificates is not valid there. Signed files have counter-signatures from timestamp server and they are considered legit as long as the certificate was valid when file was signed even if it expires later.
The only reasons for such signed file to become invalid after signing is if the signing certificate or its issuer certificates become revoked by certificate authority or untrusted by operating system vendor.
In fact for example Microsoft Trusted Signing issues on purpose issues very short certificates with intent for them to expire and not be usable for malicious purposes after the signing activity even if leaked. It may look weird if you don't know what's going but this actually increases security of the cryptographic trust for binaries.
Seppo
-
Endpoint protection service and service host network service dns-client causes a high workload. I have uninstalled F-secure on one computer. Since then, the service host network service dns-client load has been below 1%.
I want an F-Secure security solution and not Avira. If I want Avira, I'll buy Avira. I am looking forward to the further development of F-Secure. Otherwise, that's probably it with F-Secure. Just my 2 cents…
-
I had this exact issue with the Endpoint Protection randomly eating 98% of my CPU, even on an extemely high-end setup, and found no other way than to delete it. However, the issue remained even after uninstalling TOTAL. After months of on-and-off troubleshooting I finally found the way to get rid of it.
I'll share what finally worked for me, hopefully it helps someone who decided to go the uninstall route.
- Open Registry Editor. Open cmd, type "regedit", press Enter.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (or alternatively check HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall if you won't find the files mentioned below)
- Look through the list of folders on the left and click each one
- Find the one where DisplayName mentions something like "Endpoint Protection SDK", "Avira", or has an UninstallString pointo to "endpointprotection.exe"
- Once you find the correct entry, copy the UninstallString. It should look along the lines of ""C:\Program Files\F-Secure\TOTAL\epp\Endpoint Protection SDK\endpointprotection.exe" uninstallSdk"
- Proceed to uninstalling the SDK. Press Start, type cmd, right click Command Prompt and "Run as Administrator". Paste the command you copied earlier, press Enter.
This was what finally worked for me after spending hours looking through forums testing different stuff including use of WRE, offline registry editing, BCD rewrites, boot repairs, and manual command-line file surgery.
It's mind-boggling that the SDK is indeed under Avira, and can not be uninstalled with the F-Secure uninstaller. It is also invisible from any startup processes or windows program removal tools.
-
Hello @RekoM
Uninstalling the Endpoint Protection SDK while our F-Secure app is still installed isn't recommended, as it's a critical component and removing it would cause the app to malfunction. Ideally, the SDK should be uninstalled automatically when you remove the main F-Secure application. The fact that it remained on your system after you uninstalled it points to an issue with our uninstallation process that we need to address. To help us investigate this specific problem, we'd appreciate it if you could provide an fsdiag file, which will give us the necessary diagnostic information.
We also want to let you know that our team has been diligently working on fixes for performance issues, including the high CPU and network load that some users have reported. We're planning to release version 25.6 very soon, with a target date of June 30, 2025, assuming everything goes smoothly.
This new version is expected to significantly improve performance for issues like the high CPU usage and "Current Loads" you've observed.
Once version 25.6 updates on your system (which usually happens within a day or two of its release), please continue to monitor your CPU and "Current Loads" as you have been. Your detailed feedback on how this new version performs will be incredibly valuable to us. It will help us confirm if the fixes are working as intended and if there are any remaining areas we need to address.
We're committed to ensuring you have a smooth and efficient experience with our product, and your assistance in testing these updates is greatly appreciated.
Thank you and have a lovely day.
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters -
It's mind-boggling that the SDK is indeed under Avira, and can not be uninstalled with the F-Secure uninstaller. It is also invisible from any startup processes or windows program removal tools.
In my experience, uninstalling the F-Secure product via common way (like Windows-based list of installed apps; either through Settings or through Control Panel) also removes the Endpoint Protection SDK. However, in my attempts this always occurred after a slight delay, where the 'actual' removal process (such as F-Secure's own dialog) was no longer displayed. Thus, you may not suspect that something is still happening or the process of uninstallation / clearing is ongoing (in this case - the mentioned sdk and probably related things).
One time I got the side effect as I manually restarted the system too much early, and so that part (SDK) was still in place after restart (stuck). However, since I did not experience any loads or whatever - I did not notice or think of any impact other than the static presence of files.
Just interesting, if in your case there was some failure (which they will try to investigate with the help of Firmy) or also just a manual abruption of uninstallation process (as in my example; and which led to impact for you).
It is always better to uninstall the F-Secure product using the method provided for the operating system you are using. And, for example, only then (or if it is not possible to do it in the usual way) you can use something like F-Secure Uninstallation Tool as an emergency help or additional "cleaning up" tool.
