" Process ir34-uc2-ccx1, PID=2968 is potentially leaking handles"
We have received an alert like the one above and are not sure how to troubleshoot it. It comes from the threshold "windows analyst". Please explain what this alert is and how to troubleshoot it.
The alert in question arises when any Windows process starts increasing its number of handles by 15% within a 15 minute interval in the WindowsAnalyst.
For reference, process handles are shared items that require the Windows OS to manage and provide. These can include file handles such as opening files on the disk, registry handles to access registry keys or even process threads to do multi-threaded functionality.
The issue in question should be regarded as a warning, as the alert severity mentions, as it is likely that a process may not have been cleaning up its handles. It is, however, also likely to be because there is more load on the process itself, causing it to create more process handles to manage the new workload.
To troubleshoot, I can recommend querying the Windows Handle Prognosis record (NTHANDLE) for this particular process to determine what the majority of the handles are being used for, and then proceed from there to determine if this is a viable problem.
Hope that helps answer your query.
The alert is a warning and is not critical. It can be disabled as needed by your environment.
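To confirm the growth on the host itself, the following PowerShell script is an added example, not part of the original thread or of the vendor's tooling. It samples one process's handle count with `Get-Process` and compares the change with the 15% in 15 minutes rule from the answer. The parameter names, the first-to-last comparison and the "drops" heuristic for telling a leak from extra load are assumptions made for illustration.

```powershell
# Added example: parameter names and the comparison method are assumptions.
param(
    [Parameter(Mandatory)] [int] $ProcessId,   # PID taken from the alert text
    [int]    $WindowMinutes   = 15,            # interval stated in the answer
    [double] $GrowthPercent   = 15,            # growth threshold stated in the answer
    [int]    $IntervalSeconds = 60             # sampling interval (assumption)
)

$samples  = [System.Collections.Generic.List[object]]::new()
$deadline = (Get-Date).AddMinutes($WindowMinutes)

while ((Get-Date) -lt $deadline) {
    $p = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if (-not $p) { Write-Warning "PID $ProcessId is no longer running"; break }
    $samples.Add([pscustomobject]@{
        Time        = Get-Date
        HandleCount = $p.HandleCount
        Threads     = $p.Threads.Count
    })
    Start-Sleep -Seconds $IntervalSeconds
}

if ($samples.Count -lt 2) { Write-Warning 'Not enough samples to compare'; return }

$first  = $samples[0].HandleCount
$last   = $samples[$samples.Count - 1].HandleCount
$growth = if ($first -gt 0) { 100.0 * ($last - $first) / $first } else { 0 }

# Count intervals in which handles were released. A process under extra load
# usually gives handles back between bursts; one that never does is a leak candidate.
$drops = 0
for ($i = 1; $i -lt $samples.Count; $i++) {
    if ($samples[$i].HandleCount -lt $samples[$i - 1].HandleCount) { $drops++ }
}

[pscustomobject]@{
    ProcessId        = $ProcessId
    FirstCount       = $first
    LastCount        = $last
    PeakThreads      = ($samples | Measure-Object -Property Threads -Maximum).Maximum
    GrowthPct        = [math]::Round($growth, 1)
    ExceedsThreshold = $growth -ge $GrowthPercent
    IntervalsDropped = $drops
    LeakCandidate    = ($growth -ge $GrowthPercent) -and ($drops -eq 0)
}
```

A `LeakCandidate` result of `True` only says the count rose past the threshold without ever falling during the window; the per-type breakdown the answer recommends is still needed to see what kind of handle is accumulating.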