cancel
Showing results for 
Search instead for 
Did you mean: 
ssantiago
Level 7

EPS 10.1 Security Component Hostig Server mfetp.exe

Hi anyone else have this issue with EPS 10.1?

Theres a process called Security Component Hosting Server that uses a lot of CPU resources like 70%-80 percent.

3 Replies
mikhailk
Level 7

Re: EPS 10.1 Security Component Hostig Server mfetp.exe

The same issue happed to me. I had network issue and connection was unstable which caused breaks when McAfee mfetp.exe tried to update policies and it went into infinite loop and occupied 100% of CPU. Only rebooting the system helped for a while. After I fixed connection issues I haven't seen this issue any more.

So there is definitely a bug in mfetp.exe or in one of its component, I saw 2 types of errors in the logs from mfetp.exe and from MaSpb.dll.

UPD: still an issue, no one knows how to resolve it, the only one remedy for now - rebooting system each time it happens.

Re: EPS 10.1 Security Component Hostig Server mfetp.exe

This same thing happened soon after we deployed the TIE component. In the ThreatIntelligence_Debug log I can see that after installation of TIE for ES 10.1, a TIE scan started in observe mode. The scan took several hours on a WIN10 computer with an i7 and 8GB ram.

From ThreatIntelligence_Debug.log

03/10/2016 12:59:12.527 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.000s to report SERVICE_START_PENDING

03/10/2016 12:59:12.568 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Starting service...

03/10/2016 12:59:12.572 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.045s to report SERVICE_RUNNING

03/10/2016 12:59:12.683 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.156s to BLFrameworkInit()

03/10/2016 12:59:12.687 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.003s to initialize BL Server

03/10/2016 12:59:12.820 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Loading TIE component...

.

.

.

03/10/2016 12:59:29.851 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Service started successfully

03/10/2016 12:59:30.329 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded Enabled state from registry - 1

03/10/2016 12:59:30.330 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded ObserveModeEnabled state from registry - 1

03/10/2016 12:59:30.330 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded BlockLevel state from registry - 30

03/10/2016 12:59:30.331 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded BlockEnabled state from registry - 1

03/10/2016 12:59:30.331 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded CleanLevel state from registry - 1

03/10/2016 12:59:30.332 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded CleanEnabled state from registry - 1

03/10/2016 12:59:30.334 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//promptEnabled

03/10/2016 12:59:30.336 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//promptLevel

03/10/2016 12:59:30.341 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned Medium for property businessObject//securityPosture

03/10/2016 12:59:30.344 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//useGTI

03/10/2016 12:59:30.346 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned default, true, for property /businessObject//telemetry

03/10/2016 12:59:30.349 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//atdEnabled

03/10/2016 12:59:30.351 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 5 for property /businessObject//atdFileSizeLimit

03/10/2016 12:59:30.353 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//atdLevel

03/10/2016 12:59:30.356 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/enabledRules

03/10/2016 12:59:30.359 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/disabledRules

03/10/2016 12:59:30.361 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/evaluatedRules

03/10/2016 12:59:30.363 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//EP_BO_TECHNOLOGY_ENABLE

03/10/2016 12:59:30.365 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//observeModeEnabled

03/10/2016 12:59:30.367 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//blockEnabled

03/10/2016 12:59:30.369 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 30 for property /businessObject//blockLevel

03/10/2016 12:59:30.370 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//repairEnabled

03/10/2016 12:59:30.372 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 1 for property /businessObject//repairLevel

03/10/2016 12:59:30.374 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//promptEnabled

03/10/2016 12:59:30.376 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//promptLevel

03/10/2016 12:59:30.377 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: returned from setConfig

03/10/2016 12:59:31.679 PM   mfetie(8012.7340) <SYSTEM> TieHooks.TieHooks.Debug: Observe Mode - Object :: C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll  Reputation :: 99   Reaction ::   Allow   Time :: 1.285382

.

.

.

03/10/2016 03:45:41.703 PM   mfetie(8012.6944) <SYSTEM> TieHooks.TieHooks.Debug: Observe Mode - Object :: C:\Windows\System32\ploptin.dll  Reputation :: 99   Reaction ::   Allow   Time :: 0.001393

creese40
Level 7

Re: EPS 10.1 Security Component Hostig Server mfetp.exe

I'm dealing with this issue right now. CPU spiking

McAfee Firewall Business Object Hosting server using 51% of CPU

0 Kudos