Symantec ATP SEDR from 3.x to 4.1 version: High RAM usage in 8840

This is the exhausting, and longest case I have ever encounter. When the 4.1 version notified my ATP device, before I jump into upgrading it, I read the white-papers and the prerequisites to upgrade. After a month of upgrading it, I kept getting high RAM usage from monthly to weekly notifications. Experiencing RAM high usage problem in 8840. Even the system activity logs or the logs from the Symantec ATP administrator management interface can’t help at all. I had to raise a ticket to Symantec Support when the behaviour reoccurring.

The temporary solution from Symantec article is to reboot when the RAM usage warning appears.

Back and forth emails with Symantec Support, they themselves have no idea too.  Anyway, just to cut from the exhaustion and tolerance that I went through with the Support, so this is what they suggested is to gather the logs about the appliance health you have to do it this way.

After the Support got the logs (twice), they analyzed and informed me to wait for version 4.2 and it will resolve this issue. Version 4.2 release date 29th August 2019. Hopefully, it will.

Requirements

  1. SSH or Terminal console from ATP Appliance
  2. A firewall is allowed SSH for the ATP Appliance
  3. VGA from ATP Appliance to the LCD monitor
  4. Raise a case to Symantec Support

SSH console

If you have enabled SSH for your Symantec ATP appliance, then you could run the command below via SSH in the same environment.

If you haven’t enabled SSH yet, then you could always go to the Symantec ATP Appliance and launch the terminal console, key in the login credential and run this command;

sshconfig enabled

ATP terminal console via LCD

  1. Login the ATP physical device with your ATP credential
  2. key in the following command 
    • gather_evidence -u <your email address> -c <case number> -v
  3. It will prompt to enter a password, the password is given by Symantec support
  4. After that, it will show the progress dashboard about the reporting uploading to the Symantec support site

This takes an hour to or more complete the upload.

Appendix

  1. -u is username
  2. -c is case number
  3. -v is verbose

 

 

 

Author: sabrinaksy

Just an ordinary lady who love what she does best.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: