ENS Threat Prevention, how to validate policy locally on endpoint
We are running ENS 10.7.0.2725. CPU usage for mcshield.exe is ramping up 100% on the majority of VDI test systems for our customer. In troubleshooting, I've configured more and more strict exclusions, for testing, and have finally gone to C:\ with all subfolders, but the cpu still ramps up. No change in the symptoms. I'd like to validate on some of the non-persistent clone endpoints that they are actually receiving the policy I think they are. How can I do this?
First, you need to check whether there are any On-Demand Scans running on the VDIs. Because its is an expected behavior for OnDemand Scan to cause high CPU. You can log in to one of the machine/VDI and check this from ENS console.
You can Stop or cancel any scans that are running on the machine to check whether the CPU consumption drops as expected. If yes, then you will have to configure On-Demand scan CPU usage threshold from On-Demand scan policy (for policy based ODS) or edit the task from client task catalog (for custom scan ) . Note : you need to enable "scan anytime " option to use "limit maximum CPU usage " feature to mention the maximum CPU threshold that you would like the scan to consume. This will take effect the from the next scan . For immediate CPU usage drop you can stop or cancel the scan. https://kc.mcafee.com/corporate/index?page=content&id=KB89818
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.