cancel
Showing results for 
Search instead for 
Did you mean: 
jamie.schnabel@
Not applicable
Report Inappropriate Content
Message 1 of 8

Slow PC with Endpoint Security 10.5

Jump to solution

Upgraded from virusscan 8.8, endpoint DLP, host intrusion prevention 8.0 to the new Endpoint Security 10.5.  pushed this to about 20 test pc's and they are all showing around 65% memory usage, cpu spikes to 100 percent and even the disk spikes to 100 percent.  this is deployed on windows 7, windows 8.1 and windows 10.  also to desktops and laptops with mcafee encryption.  Any ideas or suggestions of were to look.  Mostly the task manager shows the Mcafee scanner service as the highest useage.  Thanks.

1 Solution

Accepted Solutions
chrischale
Not applicable
Report Inappropriate Content
Message 3 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

I had major issues with 10.5 deployed on some systems.  I was able to get system performance back by resetting a set of test policies back to McAfee defaults.  I then enabled Enforcement in the ATP Options policy, and ensured that both Real Protect cloud and client scanning were enabled. 

So far i have it deployed on 4500(ish) systems and I've only had to write three exclusions.  To the point, I'm finding that exclusions slow down ENS 10.5 rather than speed it up.  You're better off running without any or very few, than all of the exclusions that your vendor tells you that you need.  We've adjusted our policies so that we won't accept an exclusion unless a proven performance impact can be shown.  This includes SQL and Exchange.  ENS 10.5 is running quite nicely.

7 Replies
ahawke
Not applicable
Report Inappropriate Content
Message 2 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

OAS in Threat Prevention is probably the most logical place to start....try turning it off. If there is improvement, assess what is being scanned and go from there. That about as specific as I can be given the lack of detail on upgrade process used, config, ect.

chrischale
Not applicable
Report Inappropriate Content
Message 3 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

I had major issues with 10.5 deployed on some systems.  I was able to get system performance back by resetting a set of test policies back to McAfee defaults.  I then enabled Enforcement in the ATP Options policy, and ensured that both Real Protect cloud and client scanning were enabled. 

So far i have it deployed on 4500(ish) systems and I've only had to write three exclusions.  To the point, I'm finding that exclusions slow down ENS 10.5 rather than speed it up.  You're better off running without any or very few, than all of the exclusions that your vendor tells you that you need.  We've adjusted our policies so that we won't accept an exclusion unless a proven performance impact can be shown.  This includes SQL and Exchange.  ENS 10.5 is running quite nicely.

Reliable Contributor bodysoda
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution
Thank you very much. You spoke my mind Smiley Happy
In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
McAfee Employee dmcgeary
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution
Indeed! this is more officially substantiated in KB88205
davidb84
Not applicable
Report Inappropriate Content
Message 6 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

chrischale,

 

Mind sharing your exclusions?  Assuming they're generic.  

McAfee Employee cookand
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

Anytime that you are seeing spikes in CPU (whether VSE/ENS is present on the box) the most likely cause is OAS scanning. With that being said you can look at creating the proper exclusions in the policy for your environment. Below I will list the "consolidated list of exclusions" for you to review:

https://kc.mcafee.com/corporate/index?page=content&id=KB66909&actp=null&viewlocale=en_US&showDraft=f...

Also, you can test to see if it is exclusions will make a difference by running a ZZZ test. Basically you assign the policy to a machine showing the behavior, send a wake up and see if it has any effect on bring the CPU down:

https://kc.mcafee.com/corporate/index?page=content&id=KB67648

The above mentioned cites VSE, but you can do the same for ENS. Test that out let me know if it chills out the CPU spikes, if so 100% exclusions is what you are looking at incorrporating within the environment. And as always if you need help setting up exclusions, give us a ring and we will take a look at it with you.

-Andrew

davidb84
Not applicable
Report Inappropriate Content
Message 8 of 8

Re: Slow PC with Endpoint Security 10.5

Jump to solution

@cookand wrote:

Anytime that you are seeing spikes in CPU (whether VSE/ENS is present on the box) the most likely cause is OAS scanning. With that being said you can look at creating the proper exclusions in the policy for your environment. Below I will list the "consolidated list of exclusions" for you to review:

https://kc.mcafee.com/corporate/index?page=content&id=KB66909&actp=null&viewlocale=en_US&showDraft=f...

Also, you can test to see if it is exclusions will make a difference by running a ZZZ test. Basically you assign the policy to a machine showing the behavior, send a wake up and see if it has any effect on bring the CPU down:

https://kc.mcafee.com/corporate/index?page=content&id=KB67648

The above mentioned cites VSE, but you can do the same for ENS. Test that out let me know if it chills out the CPU spikes, if so 100% exclusions is what you are looking at incorrporating within the environment. And as always if you need help setting up exclusions, give us a ring and we will take a look at it with you.

-Andrew


What do you mean by 100% exclusions?  I am aware of the zzz scanner.  I just have a hard time believe that McAfee doesn't have a blanket policy that works in 99.9% of environments.  
McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.