Optimization of variable handling for one genre of behavior.
Cause: One unspecified security product produced a very large number of behaviors on a couple large servers, which cause excessive memory usage of Cyber Crucible.
Symptoms: Cyber Crucible’s memory usage jumps from a few MB to GB’s. The security product’s memory usage also jumped by 100 fold as well, to over 250GB. If you experience this, as that may be independent of Cyber Crucible, please open a support ticket so we may help you. We suspect this was an issue with the security product as well, independent of Cyber Crucible’s optimization.
Fix: This behavior variable tracking was migrated from an algorithm which expected low-volume population to a high-volume algorithm like in use elsewhere in the driver.
Who is affected? Only one customer was observed with this issue, and only on a small portion of their large servers. Regardless - this update is deployed to all customers.
service.exe = bbfb0bf47d942d30438a260b497c04cd assistant.exe = 280d746ed3edea9b7267955a94b97a8e CCRRSecMon.sys (Windows7) = cded2aaa7dd0c2fe446694451bd17960 CCRRSecMon.sys (Windows8) = a06dce5e19627fe1f982cbde632fc313 CCRRSecMon.sys (Windows10) = 14e0c4e7f86405562701187fac93aea2