Hi All,
We have been testing the elastic-agent for a while across multiple endpoints on our environment and started noticing a few issues. Initially we noticed on several of our higher spec laptops that Endpoint security Malware prevention would run the CPU and Memory extremely high with laptops sitting at 70%+ from the agent services alone. So we decided to remove Endpoint Security policy off of the affected machines by assigning their own policy with the Windows and System integrations enabled (sysmon was also installed of Kernel based monitoring).
This did drop CPU and RAM levels across all the affected machines as expected. However this is were we noticed something weird. On several laptops a windows service for "Service Host: DNS Client" was hitting 20-40% of CPU utilisation alone, causing systems to freeze up and on one system completely crash causing BSOD. Once the Elastic Agent was completely uninstalled, "Service Host: DNS Client" dropped back to normal levels.
Has anyone ever encountered this before, we are not able to explain why only a select number of laptops (primarily high spec) are affected in this way.