New to the forums!
I've been having an issue with ePO here lately on a terminal server. We have ~10 users running Microsoft Access XP/2003 running various queries/databases. I had found an article in the KB about setting msaccess.exe as a low-risk process & excluding it from the Buffer Overflow Protection (BOP). I have done both. I honestly believe this resolved my issues with the mcshield.exe running against msaccess.exe when queries were running which is great.
Now, McAfee is running 40-50% for ~30 seconds every couple of minutes. I found articles to run ProcMon to see what mcshield.exe is doing. I have attached a log file from this morning. It seems like McAfee continues to scan a couple registry keys:
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ & ..\Download Directory - Key to set where you want the download directory to be for IE. CPU Blips to 20% for a few seconds.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL - CPU hits 40-50% for 30 seconds or so.
You can see from the log this is on a very consistant basis. I'm not sure what settings in ePO would causes such a behavior. One additional note, it causes mcshield.exe to grow in size. Last night it was at around 40MB. This morning, it is at 98MB.
Message was edited by: ctrusty on 7/12/11 2:49:34 PM CDT
I apologize but for some reason my logfile wasn't attached on the original post. You can see the constant queries to the registry.