Hi Guys,
Just started up my managed security service and on-boarding my first client. Using C1 with CCS10 with premium license.
I’m seeing serious performance issues when running containment. Applications take a few extra seconds to start loading, and while they are running they periodically freeze. For example, switching tabs in Google Chrome freezes the application for a few seconds.
These are fast systems and had no issues running other security products. When I enable containment baseline or disable containment the systems perform as expected.
Here was my approach:
- Cloned the optimum windows profile but kept most of the settings default, aside from changing scanning schedules and tweaking the UI settings.
- Created a whitelist for AV, HIPS and containment
- Added the following exclusions to all lists (HIPS is disabled in this policy but still writes to the log, so I included it in the whitelist as well):
%systemroot%\System32\Spool*
%systemroot%\SoftwareDistribution\Datastore*
%allusersprofile%\NTUser.pol
%Systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\Database*
%SystemRoot%\System32\GroupPolicy\Machine*
%SystemRoot%\System32\GroupPolicy\User*
%windir%\Ntds*
%windir%\Ntfrs*
%systemroot%\Sysvol*
%systemroot%\Sysvol_DFSR*
%systemroot%\System32\Dns*
%systemroot%\System32\DHCP*
*\Pagefile.sys
*.mdf
*.ldf
*.ndf
*.trn
*.bak
*.ost
*.mdb
*.pst
- Monitored C1 containment log and local killswitch to see what applications are running virtualized
- Added all contained applications (that I knew were trusted) to the whitelist.
And still, applications and browser tabs freeze intermittently.
Does anyone have any words of wisdom?
Thanks