Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
padi
New Contributor

Very high cpu load after FortiClient installation

Hi there

I hope someone else has this problem an knows any solution...

We deployes FortiClient EMS 7.0.2 now we are deploying FortiClient 7.0.2 to our server. Last week I installed it to one of our DCs, afterwards the CPU usage turn into the hell, from 4 % to neerly 99% permanently. But at the most time there are not the FortiClient services which are high loaded, but processes like Local Security Authority, System and System interrupts. The FortiClient Network Access Control process is also one of the top process.

After uninstall FortiClient from DC the CPU load was going back to normal state.


Also interesting is that this behavior is only on the Domain Controllers an not on other servers.


Does anyone have an idea why this could happen?

Thanks in advance220601_Remote Desktop Manager_000175.png

4 REPLIES 4
Aashiq_Z
Moderator
Moderator

Hello @padi ,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks,
Aashiq Zainulabdeen
psevca
Staff
Staff

Hello,

which features are enabled for Forticlient that runs on the DC and which OS version you are running on the DC ?  You can use ProcessExplorer to see the which service/daemon causes high CPU utilisation - if you can provide this information that would also help.

 

thanks

Peter Sevca

padi
New Contributor

Hi

At the moment I'm, playing around with the diffrent features to find out which function causes the high CPU load.

From the main features itself are enabled the Malware, Firewall and Vulnerability Scan.

The Windows OS ist Windows Server 2012 R2 Standard, in a few weeks we migrate the first DC to Windows Server 2022 Datacenter, so we can test if there is the same behavior.

 

My first gues is the Option Real-Time Protection>System Process Scanning, this we have set to "Scan Files When Processes Read and Write Them".

 

The pain for testing is, that we have an other problem with syncing the Profiles which I described in the following post:

https://community.fortinet.com/t5/Fortinet-Forum/EMS-6-4-3-shows-Endpoint-Policy-Out-of-Sync/td-p/23...

 

Thanks

Patric

padi
New Contributor

Hi

The support told me now that we only should use AntiVirus Features. So I created an installer with only following features enabled:

  • Zero Trust Telemetry
  • Vulnerability Scan
  • Advanced Persistent Threat (APT) Components
  • AntiVirus, Anti-Exploit, Removable Media Access
  • Cloud Based Malware Outbreak Detection

For now it looks good with the synchronisation and the CPU usage, also on Windows Server 2022.

I hope this was the solution.

Patric