Poor database performance can have a number of different causes; one identified cause on large sites is when excessive logging has been enabled in the SEP client firewall policies.
Verify if traffic logging or packet logging has been enabled for a particular firewall rule that is likely to match large amounts of traffic across all client machines, such as if logging has been enabled for an "allow all applications" or "block all" rule.
To see the number of records kept in the database for different firewall rules the following SQL query can be used: "select count(*) as records,rule_name from sem5.agent_traffic_log_1 with (nolock) group by rule_name order by records desc" (repeating the query for agent_traffic_log_2).
One way to verify if a large amount of the queries from SEPM that are handled by the database are related to agent logging is to use the SQL Profiler tool that comes with Microsoft SQL server. Article TECH92852 describes the steps for capturing an SQL trace log. If dozens or hundreds of queries containing "insert into AGENT_TRAFFIC_LOG_" can be seen during each second then performance may be impacted.
The name of the problematic firewall rule should also be visible inside each query in the trace, as well as the name of the application sending or receiving the traffic.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)