cancel
Showing results for 
Search instead for 
Did you mean: 
cdobol
Level 10

FireSvc.exe Uses 25% CPU after DAT update

I'm using 8.0.0.1741.  We are seeing after a DAT update that the FireSvc.exe process 'hangs' using 25% CPU utilization.  We are also running VS 8.8.  Anyone else see that?  I'm thinking of adding some process exclusions to firesvc.exe in VirusScan to see if that changes anything.

0 Kudos
6 Replies
cdobol
Level 10

Re: FireSvc.exe Uses 25% CPU after DAT update

The issue occurs with the McAfee Host Intrusion Prevention Service when trying to start up.   I changed logging to "error" only and the CPU spike seems resolved, but the service still won't start.  Almost like it can't query the registry or session information.  I opened a SR with McAfee on this, will post a resolution when I get one.

08/19/2011 20:25:31 HpmRegistry.cpp[5469] ERROR (5104) internalEnumRegValues() - failed to query for reg key value #0. subResult = 234. Will continue to process other reg key values.

08/19/2011 20:25:31 HpmRegistry.cpp[11050] ERROR (5104) getLogonSessions() - failed to successfully read the logon session rules.

08/19/2011 20:25:31 RpcSessionCache.cpp[1280] ERROR (5104) RpcSessionCache::getSessionData() - Failed to load session data.

08/19/2011 20:25:31 FireComm.cpp[296] ERROR (5104) FireComm::firecomm_Start() - (-413) .

08/19/2011 20:25:31 IKESVC [196] ERROR Unable to start FireComm

08/19/2011 20:25:31 IKESVC [329] ERROR Unable to start FireComm. FireSvc startup will be aborted.

08/19/2011 20:25:35 HpmRegistry.cpp[5469] ERROR (5164) internalEnumRegValues() - failed to query for reg key value #0. subResult = 234. Will continue to process other reg key values.

08/19/2011 20:25:35 HpmRegistry.cpp[11050] ERROR (5164) getLogonSessions() - failed to successfully read the logon session rules.

08/19/2011 20:25:35 RpcSessionCache.cpp[1280] ERROR (5164) RpcSessionCache::getSessionData() - Failed to load session data.

08/19/2011 20:25:35 FireComm.cpp[296] ERROR (5164) FireComm::firecomm_Start() - (-413) .

08/19/2011 20:25:35 IKESVC [196] ERROR Unable to start FireComm

08/19/2011 20:25:35 IKESVC [329] ERROR Unable to start FireComm. FireSvc startup will be aborted.

0 Kudos
cdobol
Level 10

Re: FireSvc.exe Uses 25% CPU after DAT update

Found that we had a buffer overflow when trying to read the following key -->  HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP\Config\LogonSession\0  This caused HIPS to go into a infinite loop trying to read that key... hence the CPU utilization.

I copied an entry from a working machine to the broken machine.  It was then able to read that registry entry and it worked!  We suspect a 3rd party application is causing the buffer overflow on the registry query.  Still investigating...  Will post as I learn more.

0 Kudos
DimSys
Level 7

Re: FireSvc.exe Uses 25% CPU after DAT update

Hi,

Have the same problem.

Processes Firesvc.exe and Mcshield.exe using up to 98% CPU (by 49% for each).

After reboot everythink is OK.

If you find solution, please post it here.

Thanks.

0 Kudos
DimSys
Level 7

Re: FireSvc.exe Uses 25% CPU after DAT update

If you need, I will try to help you.

0 Kudos
feeeds
Level 9

Re: FireSvc.exe Uses 25% CPU after DAT update

Any word on of this has been resolved with a hot fix or service pack ?

0 Kudos
ppg
Level 7

Re: FireSvc.exe Uses 25% CPU after DAT update


https://community.mcafee.com/thread/44747

Same problem to my company.effected 300 unit snotebook.CPU usage goes up (firesvc.exe) and it iwll hang and freeze stuck hang for few seconds.

0 Kudos