Re: High consumption POWERSHELL in Active Director...

hcarvcamp · ‎06-30-2016

Hi, everyone

I have a simple PowerShell script that runs every 5 minutes grabbing data from a database.
I have noticed the memory climbs quite high (almost 4GB). I have an "output" is the Heavy Forwarder. Seems like the memory keeps climbing.

Print below, the processes:

Any suggestions?

Thank you,

Hugo Campelo.
_

spayneort · ‎06-30-2016

Are you running the ad-repl-stat.ps1 script on Windows Server 2012 R2?

http://blogs.splunk.com/2014/01/13/active-directory-replication-and-windows-server-2012-r2/

richgalloway · ‎06-30-2016

Are you sure the offending powershell process is related to Splunk. Not to be alarmist, but some ransomware use powershell to encrypt files.

---
If this reply helps you, Karma would be appreciated.

hcarvcamp · ‎06-30-2016

Rich,

When i STOP the UF, the highest consumption "die", and, back to the "normal" consumption.

richgalloway · ‎06-30-2016

That would seem to confirm it's Splunk-related.

---
If this reply helps you, Karma would be appreciated.

hcarvcamp · ‎06-30-2016

Yeah,

But do you have any idea what can be?

High consumption POWERSHELL in Active Directory without related processes Splunk-Powershell.

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?