Posted by3 years ago
Archived
The problem of using svchost.exe mostly results in devices that are affected by viruses and malware programs. Svchost.exe netsvcs high CPU or Memory leak problems may also occur with an Event log profile or while updating Windows, or by other programs or services that, during their execution, start many processes. We might see svchost.exe (netsvcs) high CPU problems, so this guide will helpful.
Server 2012 R2 - Ping 'freeze' due to WFP plugin
So I don't know if this is interesting or if anyone has encountered anything similar but I figured I'd reach out .
I encountered an issue when for no known reason we could have a Windows 2012 R2 server suddenly stop working for some network traffic in peculiar ways. Ping to a name would work, but to a DNS entry wouldn't.
Actually worse than that, ping would hang when attempting to ping a working dns entry (just never return anything when launched), but dns itself worked fine (nslookup etc). If you attempted to ping a dns entry that didn't exist it would fail like normal. Same behaviour with telnet. Most services for network connectivity worked fine however, SMB etc.
Anyway, I believe I've pointed this down to the security product FireEye we are running which appears to inject into the windows filtering platform and found that the Windows Firewall service had become somewhat unresponsive (unable to launch firewall settings), restarting windows firewall (by killing the service hosting it and BFE) fixes the issue.
Has anyone seen anything similar to this? Surely even if packets are being dropped this behaviour is abnormal as anything, What approaches are viable to troubleshooting the Windows Filtering Platform - should I be creating my own hooks into the platform to monitor the base filtering engine or something?
67% Upvoted