Some of our Windows target machines have recently started becoming unresponsive during scans. We have tracked the problem down to the
wmi_query calls in
wmi_file.inc. Specifically, the queries to the
CIM_DataFile table are extremely slow, and may consume 100% of the CPU for multiple minutes.
We note that this may not be an issue with the plugin’s implementation, but with WMI itself on the remote Windows machines (particularly machines with only 1 core). We lessened the impact of this issue by adding 10-second sleeps before every call to
wmi_file.inc, but this is not a good long-term solution for multiple reasons.
Given that this started happening only recently, I’m curious about any recent changes to
wmi_file.inc that may have exacerbated this issue. Anybody aware of anything recently changed, or even (grasping at straws) a change in Windows’ own WMI service? Any ideas for solving this problem that are better than sleep-ing?