Agents' Impact to Host Performance


Why?

Typical questions:
  • What kind of impact do OpenEDR agents have on the endpoint?
  • How much RAM, CPU ... do they use up?

Before & After Tests

Before

Clean WinDev enterprise VM, no OpenEDR; run the WinSAT tests

After

  • Same VM, install the OpenEDR host agents; whether or not events are sent to the backend is secondary
  • Run the WinSAT tests

What is WinSAT

WinSAT (Windows System Assessment Tests) is used to evaluate the performance of several system components. A higher Windows Experience Index (WEI) base score means that the computer will run faster and better than a computer with a lower base score.
There are five aspects assessed by WEI:
  • CPUScore is the evaluation score for the processor.
  • D3DScore is the evaluation score for 3D graphics.
  • DiskScore is the evaluation score for drives.
  • GraphicsScore is the evaluation score for 2D graphics.
  • MemoryScore is the evaluation score for RAM in both throughput and capacity.
For this goal, I will use WinSAT to measure the performance of the host machine before and after installing the OpenEDR agent. This lets us measure the performance impact the OpenEDR agent has on the host machine.
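One way to script the before/after comparison, as an added example that is not part of the original write-up: it reads the five scores (plus the overall WinSPRLevel) from the Win32_WinSAT CIM class after each `winsat formal` run and diffs two saved snapshots. The function names, the run count and the winsat-<label>.json file names are assumptions.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell session.
# Function names, run count and winsat-<label>.json file names are assumptions.
$ScoreNames = 'CPUScore', 'D3DScore', 'DiskScore', 'GraphicsScore', 'MemoryScore', 'WinSPRLevel'

function Save-WinSatSnapshot {
    param(
        [Parameter(Mandatory)] [string] $Label,  # 'before' or 'after'
        [int] $Runs = 3                          # repeat to expose run-to-run noise
    )
    $samples = foreach ($i in 1..$Runs) {
        winsat formal | Out-Null                 # full assessment; refreshes Win32_WinSAT
        if ($LASTEXITCODE -ne 0) { throw "winsat formal failed with exit code $LASTEXITCODE" }
        Get-CimInstance -ClassName Win32_WinSAT | Select-Object -Property $ScoreNames
    }
    $samples | ConvertTo-Json | Set-Content -Path "winsat-$Label.json" -Encoding UTF8
}

function Compare-WinSatSnapshot {
    param(
        [string] $Before = 'winsat-before.json',
        [string] $After  = 'winsat-after.json'
    )
    $b = Get-Content -Path $Before -Raw | ConvertFrom-Json
    $a = Get-Content -Path $After  -Raw | ConvertFrom-Json
    foreach ($name in $ScoreNames) {
        $bStat = $b | Measure-Object -Property $name -Average -Minimum -Maximum
        $aStat = $a | Measure-Object -Property $name -Average -Minimum -Maximum
        [pscustomobject]@{
            Score        = $name
            Without      = [math]::Round($bStat.Average, 2)
            With         = [math]::Round($aStat.Average, 2)
            Delta        = [math]::Round($aStat.Average - $bStat.Average, 2)
            # A delta inside the baseline's own min-max spread is noise, not agent overhead.
            BaselineSpan = [math]::Round($bStat.Maximum - $bStat.Minimum, 2)
        }
    }
}

# Usage:
#   Save-WinSatSnapshot -Label before      # clean VM, no OpenEDR
#   (install the OpenEDR host agents)
#   Save-WinSatSnapshot -Label after
#   Compare-WinSatSnapshot | Format-Table -AutoSize
```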

Gather Results

Performance Scores: Without OpenEDR vs With OpenEDR
Name | Without OpenEDR | With OpenEDR
Before OpenEDR agent installation: [screenshot]
After OpenEDR agent installation: [screenshot]

Conclusion

Looking at the performance score table, the WEI scores for all five components stayed exactly the same before and after the installation of the OpenEDR agents. To be sure that this wasn't an error, I looked into the raw values from the WinSAT tests. As the 2 screenshots above show, there is a slight drop in performance in most components, e.g. a decrease in memory speed performance. However, this drop is so minor that it does not affect the overall WEI score.
From this test, we conclude that OpenEDR agents cause only a very minor decrease in the machine's performance.

Jym's Comment

Helping students with this problem can be systematic. "Work" like restricting an administrative channel like SSH, to familiarity with how "normal" use-cases "look like" in client-zone, have a go at infiltrating a Windows network & now testing performance of a tool like OpenEDR.