Sign in
Microsoft.com
 
Forefront Server Security TechCenter
 
 
 
Forefront Server Security TechCenter > Forefront Server Security Forums > Forefront Security for SharePoint > High Memory Utilization
Ask a questionAsk a question
Search Forums:
 

General DiscussionHigh Memory Utilization

  • Monday, July 20, 2009 11:59 AMDharm Dhwaj Singh Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    After Installing the Forefront Sharepoint on three servers , the utilization of Memory is continuously above than 85% . How can i tune the application ? 
     

All Replies

  • Thursday, September 10, 2009 10:29 AMAndy S. Day Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Hi,

    Not sure if you've looked into which processes are consuming the most memory, but they could well be Forefront's scan processes. Forefront uses in-memory scanning and up to 5 scan engines can be utilised at any one time. This means that each scan process will load all of the engines that you have enabled under SETTINGS>Anti Virus in the Forefront Administrator client. As a result, you will typically see scan processes consuming 200-300MB RAM each. This can rise, depending on what file the process is scanning, since the file is loaded into the process' memory. So, if the process is scanning a 100MB file, you will see an additional 100MB RAM utilised. This memory is released once the scan of the file has completed, of course.

    You can check how many scan processes are running in Task Manager. Processes running as part of the Realtime scanjob are called FSCRealtimeScanner.exe. You'll also see FSCManualScanner.exe present, if a Manual scan is running. By default though, for every day scanning, we'd expect to see 3 FSCRealtimeScanner.exe processes. There would therefore be up to 600-900MB RAM consumed by scanning processes alone.
    It is possible to cut the number of scanning processes by lowering the RealtimeProcessCount registry value (HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\SharePoint) down from 3 and restarting FSSP and Sharepoint services, but I wouldn't recommend doing this. Multiple Realtime processes are there for a good reason - they allow FSSP to scan more than one document at once. This helps to avoid scanning bottlenecks.

    I would recommend reviewing your memory consumption in general (which processes are consuming the most?) to determine whether this is normal consumption (as detailed above for FSSP; consider extending RAM as a solution), or whether there is a potential problem. Do come back to me on this thread, if you need more advise after that.
    Kind Regards, Andy Day | CSS Security, Sr. Support Engineer (Antigen/Forefront Server Security)