configSecurityPolicy.exe process invoking group policy service to refresh the group policy

Question

Question

Because of that we are seeing heavy traffic on port 445.

Event 4004 is continuously getting triggered in event viewer > operational log.

Can anyone tell why this process is triggering GPO update frequently ?

solved 0

Configuration Manager Ketan Kamble 3 years 2020-05-18T15:28:47+05:30 2020-05-18T15:28:47+05:30 5 Answers 304 views Beginner

0

Answers ( 5 )

Ketan Kamble Beginner
0
2020-05-19T09:40:16+05:30 May 19, 2020 at 9:40 AM
Reply
No IIS is not optimized.
Harjit Dhaliwal Admin
0
2020-05-18T21:55:18+05:30 May 18, 2020 at 9:55 PM
Reply
Do you have your IIS optimized?
Ketan Kamble Beginner
0
2020-05-18T17:26:17+05:30 May 18, 2020 at 5:26 PM
Reply
I have taken the procmon and logs from windows performance toolkit . By checking the “Transient lifetime by Process” , looking at the command line invoked by the process we isolated “configSecurityPolicy.exe” is invoking “EPAMPolicy.xml” file.
Further looking at the thread stack of “configSecurityPolicy.exe” In “CPU Usage Precise view” , we observer that “configSecurityPolicy.exe” is readying process “Svchost.exe (1264)”
We further look at the stack of “Svchost.exe (1264)” and conclude that this is container in which gpsvc.dll is running and refreshing the group policy.
At this point we conclude configSecurityPolicy.exe Is the process invoking group policy service to refresh the group policy
Anoop C Nair
0
2020-05-18T17:14:58+05:30 May 18, 2020 at 5:14 PM
Reply
You need to analyse to processes and thread to get more details.
Sometimes you need to do more details analysis by taking network traces …netmount etc

Sorry, you do not have permission to answer to this question .

Anoop C Nair · Accepted Answer · 2020-05-19T10:14:24+05:30

Is this on the server side or client side

I think this needs more deep level troubleshooting

And it’s kind of difficult through online forums