The rule triggers an alarm, to notify about a potential issue of svchost.exe process using excessive CPU on Windows2012/2012R2 domain controller, when it detects that an Active Directory agent is configured to monitor 2012/2012R2 DC using WinRM communication protocol.
It keeps triggering the alarm even after applying one of the workarounds recommended in Troubleshooting section of Release Notes.
Enhancement Request AD-812 has been submitted to Development to improve logic in Rule condition and will be evaluated for a future version of the cartridge.
Please check the release notes of latest version of Active Directory cartridge to find out which enhancements have been included in this release.
Workaround:
Please refer to Microsoft article KB811835 as a possible workaround and after applying it disable the rule.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center