cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jameswatson
jameswatson
Level 7
Report Inappropriate Content
Message 1 of 5
‎04-10-2019 09:09 AM

High IOPS (Other) from mcshield.exe

I work for a company providing servers and software to the client. We provide the servers, manage the OS and install and support the application. These servers sit on the customer domain and have their Enterprise AV solution installed. 

The customer upgraded from VSE 8.8 to ENS back in 2017 and we have had multiple different issues since then.

Most of these issues have been resolved over time by various McAfee updates, however the most recent issue is a little perplexing. 

For about 2 1/2 months now, since upgrading to ENS 10.6.1.1124, I have noted mcshield.exe producing a large amount of IOPS Other (non disk read/writes) activity, which I believe is causing a performance degradation over time that did not exist before this upgrade. 
The customer has applied AV exclusions for our software successfully and the disk I/O from mcshield.exe is very small. However the non disk I/O is through the roof, often upwards of 3000 operations per second. 
When checking this using Process Monitor, I can see 1000's of QueryOpen (fastio_query_network_open) events by mcshield.exe

I initially believed this was some initial operation by the On Access scanner to determine if the file should be scanned, however the customer ICT dept have advised that they have disabled the OAS and I am still seeing this activity.

So my question is as follows:

If the OAS is disabled, and the files are correctly excluded from scanning, what is mcshield.exe doing with these files?
NB: The issue occurs on what is essentially a file server, files are written and read over network constantly. 

0 Kudos
Reply
4 Replies
vnaidu
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 2 of 5
‎04-10-2019 07:09 PM

Re: High IOPS (Other) from mcshield.exe

@jameswatson Please read the Kb article KB89354

Venu
0 Kudos
Reply
jameswatson
jameswatson
Level 7
Report Inappropriate Content
Message 3 of 5
‎04-11-2019 01:17 AM

Re: High IOPS (Other) from mcshield.exe

Hi Venu, thank you for your reply, but as I mentioned in my original post, the On Access scan is disabled entirely. There is no scanning of files and disk I/O is minimal from mcshield.exe

My query is to find assistance to what mcshield.exe is doing if it's not On Access scanning..

0 Kudos
Reply
chealey
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 5
‎04-11-2019 01:56 AM

Re: High IOPS (Other) from mcshield.exe

Do you have ENS ATP also installed? The mcshield service is used for some of those activities too.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
jameswatson
jameswatson
Level 7
Report Inappropriate Content
Message 5 of 5
‎04-11-2019 02:04 AM

Re: High IOPS (Other) from mcshield.exe

Hi, no the adaptive threat protection has also been disabled as it was constantly scanning critical application binaries and for some reason the customer decided it would be easier to disable the module than add exclusions.

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC