Operational Defect Database
BugZero found this defect 111 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000bzIVSAY
WatchGuard Endpoint Security performance issues and high CPU usage on Windows servers monitored by SysMon
Last update date:
1/30/2024
Affected products:
WatchGuard Endpoint Security
Affected releases:
All
WatchGuard Endpoint Security
Fixed releases:
All
Description:
Issue
This issue applies to WatchGuard EPP, EDR, EDR Core, EPDR, and Advanced EPDR. It was resolved in Hotfix KER-608 On WatchGuard Endpoint Security protection software versions 8.00.22.0010 to v8.00.22.0022, there could be high CPU usage on the System process and performance issues on Windows servers monitored by Sysmon. For information on how to determine the version of your WatchGuard Endpoint Security product, go to Determine the Software Version in Help Center.
Workaround/Solution
A hotfix is available to resolve this issue.To apply a hotfix on the affected endpoint: Download and save the hotfix file to the endpoint: hf-ker608-system_rules_consumption.exeDouble-click the downloaded file.The hotfix installation does not require you to restart the computer. However, under certain circumstances, you might be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer immediately, select No when prompted. This postpones the application of the hotfix until the next system restart. Note: To install the unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart. The hotfix updates these files: File NameLocationModified DateHotfix included in future versions?00000014C:\ProgramData\Panda Security\Security Protection\000000141 December 2023Yesv8.00.22.002300000021C:\ProgramData\Panda Security\Security Protection\000000211 December 2023Yesv8.00.22.00230x1000000D.DATC:\Program Files (x86)\Panda Security\WAC\Cache\0x1000000D.DAT29 November 2023Yesv8.00.22.00230x10000045.DATC:\Program Files (x86)\Panda Security\WAC\Cache\0x10000045.DAT7 December 2023Yesv8.00.22.0023 Verify Hotfix ApplicationTo confirm the correct application of the hotfix, check the file version (in File Details section) or verify the values of these Registry keys: 32-Bit Architecture64-Bit ArchitectureRegistry KeyValueRegistry KeyValueHKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_SYSTEM_Rules_ConsumptionRevision [REG_DWORD] 1HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_SYSTEM_Rules_Consumption [REG_DWORD] 1 HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_SYSTEM_Rules_Consumption Result [REG_DWORD] 0 = Success1 = Not Applied2 = Error9 = On Reboot Operation HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_SYSTEM_Rules_Consumption [REG_DWORD] 0 = Success1 = Not Applied2 = Error9 = On Reboot Operation
