The usage of the CPU and RAM is an important check point of the performance of endpoint.
We can use HI policy to monitor the CPU and RAM usage. The following example shows the configuration steps. If the usage of the CPU and RAM is higher than 50%, then the HI check will fail.
1. Create a HI policy, and add a Custom requirement.
2. Firstly, create a registy key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\TempPerfCPU and set the value as 0.
3. Run a VBScript. This VBScript will read the usage of CPU and RAM by WMI. If the usage is higher than 50%, then set the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\TempPerfCPU into 1, otherwise, leave it as 0.
Here is the content of this VBScript:
Const PerfCPU = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\TempPerfCPU"
On Error Resume Next
Set oOSSet = GetObject("winmgmts:\\.\root\cimv2:Win32_OperatingSystem")
os_name = oOSSet.CSName
os_totalmem = oOSSet.TotalVisibleMemorySize
os_freemem = oOSSet.FreePhysicalMemory
os_totalvirmem = oOSSet.TotalVirtualMemorySize
os_freevirmem = oOSSet.FreeVirtualMemory
Set oOSCPU = GetObject("winmgmts:\\.\root\cimv2:win32_processor='cpu0'")
os_CPULoad = oOSCPU.LoadPercentage
Set WshShell = WScript.CreateObject("WScript.Shell")
If (os_freemem*2<os_totalmem) or (os_freevirmem*2<os_totalvirmem) or os_CPULoad>50 Then
WshShell.RegWrite PerfCPU, "1", "REG_DWORD"
Else
WshShell.RegWrite PerfCPU, "0", "REG_DWORD"
End if
4. Check the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\TempPerfCPU. If the value is 0, then set the HI result as PASS.
5. If the value is 1, then set the HI result to FAIL. And, add a notification on the endpoint.
Below is the notification on the endpoint:
And, this is the screenshot of the Security Log on endpoint:
Attached is the exported policy file.