Why You Should Monitor Applications, Not Processes
One of the many things you come to love once you have used uberAgent for a little while is the fact that it is very application-centric. Applications are what really matters, not the individual processes they are comprised of. I will give you an example of that in this post.
Automatic Application Identification
For every running process, uberAgent determines the name of the application the process is a part of. That happens automatically and works for regular Win32 applications just as well as it does for UWP apps (AKA “modern” Windows apps) or Java applications.
Why is this special? The Windows operating system has no concept of applications as logical entities. There is no API to map processes to applications or vice versa. The magic is happening right in uberAgent.
With knowledge about applications, all of uberAgent’s rich performance and user experience metrics can be presented at the process level as well as on the application level. Read on for an example where that distinction is crucial.
Example: Firefox Browser Performance
When I recently analyzed browser video playback performance I was surprised by Firefox’ apparent efficiency. According to Task Manager it only used 1.1% CPU and 121 MB of RAM while playing back a 1080p movie on Netflix:
uberAgent, on the other hand, reported very different numbers: 8.3% CPU and 533 MB of RAM:
Why this difference?
Why Task Manager can be Misleading
Task Manager and most monitoring tools display performance metrics per process. This often makes things unnecessarily difficult.
For starters, Firefox uses multiple firefox.exe processes. In order to determine Firefox’ resource utilization one has to add up their numbers:
But even when combining the three firefox.exe instances there is still a missing piece:
Firefox plays protected web video by way of a plugin – and plugins are hosted in a dedicated process for reasons of security and stability. With that in mind one needs to identify instances of Firefox’ plugin container executable, plugin-container.exe and include their performance numbers in the calculation:
As you can see in the screenshot above, plugin-container.exe adds quite a significant CPU load, so one would not want to miss it.
Automating the Process
Even this rather simple example shows that coming up with accurate performance numbers for an application of interest can be quite cumbersome. The good news is: you do not have to. uberAgent does it all for you, fully automatically. Try it for yourself: downloading and installing only take a few minutes but might save you hours very quickly.
About uberAgent
The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.
uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.
uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.
