The process that takes care of OAS is mcshield.exe. When this process consumes HIGH CPU for a longer duration, It is first very important to check if this is indeed OAS consuming high CPU or if it is ODS.
So, please look for any running scans on the endpoint and if you do not find any scans running on the machine (You can open the local ENS console and check under "Scan System" button to see if any scans are currently running or open ODS log file "OnDemandScan_Activity" under C:\ProgramData\McAfee\Endpoint Security\Logs to look for any actively running on demand scan.
Once you have confirmed that there are no active scans, we can be sure that the High CPU usage from mcshield.exe is by OAS.
In order to resolve High CPU usage by OAS, we need to understand what is causing it. On Access Scanner consumes more resources only when the machine is running an application/program that is requesting more resources or is performing a lot of activities that demands us to use the scanner more!
Trellix has provided a very useful tool called McAfee profiler that hooks on to our scanner process, looks around for what is being scanned by us and gives you a very simplified report of what process and file activities are being scanned by us.
Install and Launch Profiler tool when issue is seen.
Please capture 5 to 10 minutes of events depending on the duration of the High CPU consumption.
Once capture is done, please look into the "Top Processes" and "Top Files" that were consuming resources.
Please note down the list of processes consuming High CPU and add them to your OAS policy as Low risk process provided the process is trusted by you.
Also look for folders that has the post read and write activity and add those to be excluded under files and folder exclusions in both Standard and High Risk process tab in OAS policy.
As a best practice, collect a list of commonly used applications in your organization and get their respective vendor recommendations for exclusions and ensure those exclusions are added to your OAS policies as needed. To help you with some well-known vendor recommendations, please find our master KBA on the same:
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.