none
High RAM usage and old definition files not being purge

    Question

  • Hi all.  I just found a FEP RAM usage problem on one of my domain controller.  The RAM usage is high, topped at 95%, and the RAMMap and Task Manager points to the "msmpeng.exe" process, which is System Center Endpoint Protection.  We are running System Center Endpoint Protection 2012 on all the servers and clients.  This domain controller is a virtual machine, running with 4GB RAM. Moreover, not sure if they are related, I also discovered the following folder is consuming a large amount of disk space.

    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates  (> 5GB)
    C:\ProgramData\Microsoft\Microsoft Antimalware\Scans (> 15GB)

    I recall I've limited to keep 3 copies of the old FEP definition files in System Center Configuration Manager 2012, not sure why this server is retaining so much copies of the old definition files.  My questions: 

    1. Any suggestions on why the "msmpeng.exe" process using up large amount of RAM (>1.5GB)?  Process Explorer and RAMMap doesn't give me this info.   Since this is a domain controller, I haven't have a chance to reboot it yet, have to wait till the weekend.  

    2. Is it safe to delete the "Scans" folders manually?  I've tried to delete the sub folders within the "Definition Updates" folder manually, but getting an access deny error because certain process locks up this folder, which I believed is locked by the "msmpeng.exe" process.  Moreover, I cannot stop the Microsoft Antimalware service as I can do in the old version of FEP (2010).

    3. How can I force the "definition updates" folder to purge automatically?

    Thank you.

    Thursday, November 21, 2013 9:36 PM

Answers

  • Just an update.  I've reboot this server, and this clear out the high RAM usage issue.  The reboot also automatically purged the "Scan" and "Definition Updates" folder, server is back to normal now.  Not sure what is causing the RAM spike at the first place.   
    Monday, December 16, 2013 3:02 PM

All replies

  • Hi,

    Thank you for your patience and support.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best Regards

    Quan Gu

    Monday, November 25, 2013 7:24 AM
    Moderator
  • Just an update.  I've reboot this server, and this clear out the high RAM usage issue.  The reboot also automatically purged the "Scan" and "Definition Updates" folder, server is back to normal now.  Not sure what is causing the RAM spike at the first place.   
    Monday, December 16, 2013 3:02 PM
  • Hi,

    Thank you for your sharing. The similar problem may results from many unknown reason.

    Best Regards

    Quan Gu

    Tuesday, December 17, 2013 4:25 AM
    Moderator