Jump to content

High CPU consumption by KL processes on Windows 10 v1903 and Windows Server v1903 [KES for Windows]


Recommended Posts

Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too.

This is happening because MS security configuration baselines recommendations had a suggestion to enable this option and this policy was applied to the host.

This policy setting enables process mitigation options on svchost.exe processes.

If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them.

This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-servicecontrolmanager

Solution

Microsoft has removed it from security baseline. MS have updated their Windows 10 v1903 and Windows Server v1903 security configuration baseline recommendations to address some issues:
The first and most important change is that we are removing the Computer Configuration setting, “Enable svchost.exe mitigation options” (in System\Service Control Manager Settings\Security Settings) from the Windows 10 and Windows Server baselines at this time because of reports that in its current implementation it causes more compatibility issues than we had anticipated.

https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/Security-baseline-Sept2019Update-for-Windows-10-v1903-and/ba-p/890940

 

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...