1 Reply Latest reply on Jul 12, 2011 2:50 PM by ctrusty

    ProcMon showing constant registry queries on vdmdbg.dll & IE download directory



      New to the forums!


      I've been having an issue with ePO here lately on a terminal server. We have ~10 users running Microsoft Access XP/2003 running various queries/databases. I had found an article in the KB about setting msaccess.exe as a low-risk process & excluding it from the Buffer Overflow Protection (BOP). I have done both. I honestly believe this resolved my issues with the mcshield.exe running against msaccess.exe when queries were running which is great.


      Now, McAfee is running 40-50% for ~30 seconds every couple of minutes. I found articles to run ProcMon to see what mcshield.exe is doing. I have attached a log file from this morning. It seems like McAfee continues to scan a couple registry keys:


      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ & ..\Download Directory - Key to set where you want the download directory to be for IE. CPU blips to 20% for a few seconds.

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL - CPU hits 40-50% for 30 seconds or so.


      You can see from the log this is on a very consistent basis. I'm not sure what settings in ePO would cause such a behavior. One additional note, it causes mcshield.exe to grow in size. Last night it was at around 40MB. This morning, it is at 98MB.




      Message was edited by: ctrusty on 7/12/11 2:49:34 PM CDT