I've been dealing with some frustrating issues after installing Trellix HX (formerly FireEye) alongside Trellix EDN (previously McAfee) on our systems. We made this switch after a cybersecurity scare because the EDN alone just wasn't cutting it anymore. However, ever since we deployed HX, we're noticing that both the FireEye agent and the McShield agents are using way too much CPU, and it's really slowing down our servers and workstations. We've followed Trellix support's advice on creating exemptions to prevent interference between the two agents, but the high CPU usage persists. I'm wondering if anyone here has faced similar issues and what additional exclusions or steps you had to take to resolve this?
2 Answers
We encountered similar problems with Microsoft Defender's scanning, and what helped was excluding both the processes and the file paths related to Defender and Intune. You might need to apply something similar between your ENS and HX setups.
It sounds like the HX agent setup needs to be evaluated more closely. Whoever’s managing it should go through each server and start excluding any legitimate executables. I’ve seen the xagt process cause servers to slow to a crawl before, so it’s definitely worth checking out.
Yeah, I’m a bit worried about that. With our recent scare, getting any exemptions signed off by upper management is going to be tough. They’re super risk-averse now and worried about potential threats from exempted files. Thanks for the tip!
I thought we had already taken care of exemptions on both ends initially, but I'll definitely double-check the processes and directories again. Appreciate the feedback!