CPU utilization 100% continuously on Windows servers

zubair shaikh 0 Reputation points
2025-01-12T08:08:57.06+00:00

Team,

I have Windows Server 2019 Standard edition servers in my environment where my agent connects remotely. It is observed that my CPU utilization is spiking and increasing to 90 to 100%.

=========================================================

Below is the observation

Noticed that CortexXDR and PowerShell sessions exhibit intermittent CPU utilization spikes every minute, returning to normal after a few seconds.

The primary issue observed is CortexXDR intercepting all incoming and outgoing network traffic. Since PowerShell sessions involve remote calls/commands, they are intercepted by CortexXDR every minute, significantly impacting their performance. Due to PowerShell sessions being caught up by CortexXDR, both CortexXDR and PowerShell sessions exhibit higher CPU utilization than usual (only during the periods when they hang with CortexXDR).

Suggested turning off CortexXDR and Symantec, which is not feasible and cannot be turned off due to Security concerns.

================================================================

Site controller configuration

Each server has 2 sockets and 12 virtual processors, and a few servers have 16 virtual processors. In total we have 6 servers in the Mumbai site and 3 servers in the Bangalore site, and all are showing higher utilization, due to which the servers go into hung mode, impacting all connected agents, which show as down. Requesting you to please suggest a remediation.

 

Windows Server 2019

1 answer

  1. MotoX80 35,596 Reputation points
    2025-01-14T13:33:16.15+00:00

    Team please reply to the question asked

    I would think you would have better luck contacting CortexXDR support to find out what their software is doing. It is not a Microsoft product so that is probably the reason that you didn't get much response to your question. There may not be very many users of this forum who use that software AND saw your question.

    From a general troubleshooting perspective, I have had good success using the Sysinternals tools, Process Monitor and Process Explorer.

    https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

    https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

    If you do an internet search for those tools, you will find sites and videos that describe how to use them.

    Briefly, for a looping process, I would use procexp and examine the threads tab to see if I could identify which module was using the most CPU.


    For PowerShell, I would also look at the process command line to see what script it was running. Then I would pull up the script in Notepad or PowerShell_ISE and review the code.

    Process monitor will trace all file, registry, and network calls. It can be overwhelming. You can filter on process name and the Tools menu offers summary reports. It can help you understand what a process is doing. Unfortunately, it cannot tell you WHY a process is doing what it's doing.


    If you have never used procmon, it might be best if you watched some of the posted videos that provide examples.

    https://www.bing.com/search?q=how+to+use+process+monitor

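A scripted complement to the Process Explorer steps in the answer above, added here as an example and not part of the original thread: because the spikes described in the question last only a few seconds each minute, it samples per-process CPU in short windows and records the command line of anything that crosses a threshold. The function name, parameters and defaults are assumptions; run it from an elevated Windows PowerShell session so that protected processes report CPU time.

```powershell
# Added example (not from the thread). Names, defaults and threshold are assumptions.
function Watch-CpuSpike {
    param(
        [int]$IntervalSeconds = 5,     # length of each sampling window
        [int]$Samples         = 24,    # 24 x 5 s = 2 minutes, spans two one-minute cycles
        [double]$ThresholdPct = 20     # report processes above this share of total CPU
    )
    $cores = [Environment]::ProcessorCount
    $prev  = @{}
    foreach ($p in Get-Process) { $prev[$p.Id] = $p.CPU }
    $sw = [Diagnostics.Stopwatch]::StartNew()

    for ($i = 0; $i -lt $Samples; $i++) {
        Start-Sleep -Seconds $IntervalSeconds
        $snap    = Get-Process
        $elapsed = $sw.Elapsed.TotalSeconds   # real window length, including overhead
        $sw.Restart()
        $now  = (Get-Date).ToString('s')
        $curr = @{}

        foreach ($p in $snap) {
            $curr[$p.Id] = $p.CPU
            # CPU is cumulative processor seconds; it is $null when the process
            # cannot be opened, and there is no baseline for newly started processes.
            if ($null -eq $p.CPU -or $null -eq $prev[$p.Id]) { continue }

            $pct = ($p.CPU - $prev[$p.Id]) / ($elapsed * $cores) * 100
            if ($pct -lt $ThresholdPct) { continue }

            # The command line shows which script a powershell.exe instance runs.
            $wmi = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)" `
                       -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time        = $now
                Name        = $p.ProcessName
                ProcessId   = $p.Id
                CpuPct      = [math]::Round($pct, 1)
                ParentId    = $wmi.ParentProcessId
                CommandLine = $wmi.CommandLine
            }
        }
        $prev = $curr
    }
}

# Collect two minutes of samples and show the heaviest windows first.
Watch-CpuSpike | Sort-Object CpuPct -Descending | Format-Table -AutoSize -Wrap
```

The timestamps show whether the spikes recur on a one-minute cadence, and the ParentId column shows what launched each PowerShell instance, which is useful detail to hand to the vendor's support.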
