Policy Manager - Java High Memory and CPU Usage

1lI
Scholar

Re: Policy Manager - Java High Memory and CPU Usage

Clearing the Application Control list and then rebooting helped with the CPU usage issue.

Also, policy-based client security upgrades and .msi packet exporting started working again.

We had 34000+ lines of mostly obsolete weight in the App Control list...

 

Highlighted
Regular Member

Re: Policy Manager - Java High Memory and CPU Usage

I have same problem since upgrade to 12.40 on 2012 R2, Java 8u131

CPU = 4 vCPU

MEM = 8 Gb

Now I've uninstall Java 8u131 and reinstal FSPMS12.40 - it help for 10-20 minutes. 

Curently after system start CPU goes to 70-90% Java Platform SEbinary process (no Java installed so its probebly from FSPMS enviroment)

Status Monitor is showing HTTP/HTTP/Webreporting: The operation timeout

 

Cant login to server, cant delete policies

F-Secure

Re: Policy Manager - Java High Memory and CPU Usage

Good news!

Janne_M, message "Setting the policy variable 1.3.6.1.4.1.2213.12.1.111.2.100.100.50 (error=-505) was not successful" is caused by "Disallow user changes" checkbox for the specified policy. Seems like UI editor at the client ignores this flag and allows to add exclusions, but as expected can not save the policies with specified error as a side effect.

F-Secure

Re: Policy Manager - Java High Memory and CPU Usage

tomczaki, PM is distributed with java inside so even no need to install it separately.

CPU goes to 100% once client requests policy generation. To avoid that, make sure clients do not reach PM after the service start, for instance stop the network interface or change host module ports. Clean app control rules, distribute policies and revert network changes back. If you stopped the network interface, even no need to restart PM service once network is back, but port changes require restart.

F-Secure

Re: Policy Manager - Java High Memory and CPU Usage

Finally, we succeeded to identify the reason. The root cause was in Spring’s bug with data buffers, which reallocated buffer byte-by-byte if initial capacity (256K) was over. So, if BPF size exceeded this size, it caused constant buffer reallocations.

Hotfixes for PM 12.40 are ready and available at following pages:

https://www.f-secure.com/en/web/business_global/downloads/policy-manager#v12-tab-hotfixes

https://www.f-secure.com/en/web/business_global/downloads/policy-manager-for-linux#v12-tab-hotfixes

Aspirant

Re: Policy Manager - Java High Memory and CPU Usage

Is there a plan to release an updated installer that incorporates the hot fix? 

F-Secure

Re: Policy Manager - Java High Memory and CPU Usage

aimutch, no, full service release is not planned.

Supporter

Re: Policy Manager - Java High Memory and CPU Usage

Any chance you coudl re-release the 12.40 installer with the embedded patch. Just to avoid confusion and forcing people to update just freshly released software version.

You can ignore my post, I have not seen your reply to the identical request.
I don't see an option to remove once posted reply