(WIN7 SP1, McAfee VS Enterprise, Scan Engine 5400.1158, DAT version 6820.0000,
Buffer Overflow and Access Protection DAT version 588, DAT created on 30 Aug 2012)
I've timed it, and for almost exactly 60 seconds upon trying to open a PDF file, the CPU approaches 100%. After 60 seconds, the application is responsive for approximately 1 second, and then hangs again (his time with low CPU but with the Windows 7 spinning circle for approximately 15-20 seconds.
I've noticed that if I disable McAfee On-Access Scan, then Adobe Reader works fine.
The problem persists today with DAT 6822.0000 also.
Around the time the issue occurred, Firefox decided to upgrade itself to 15.0, and the virus scanner updated itself around the same time, so one of these triggered the issue.
After that, Adobe Reader hangs on startup for a long time before becoming responsive again.
After an uninstall of Adobe Reader, deleting the C:\Users\xxx\Application Data\Adove\Acrobat folder completely, and deleting the HKCU\Software\Adobe\Adobe Acrobat key,
Adobe Reader 10.1.4 was installed from scratch.
However, the problem remains (same symptoms).
Has anyone else experienced this? Any workaround till it is resolved? (Disabling the On-Access Scan is _not_ an option for us).Message was edited by: sky_123 on 02/09/12 10:17:59 CDT
Solved! Go to Solution.
The PDF slow opening from outlook has been seen with some customers using VSE & GTI Proxy.
It’s noticeable when users are at their home or away from the office network and their endpoint cannot talk to GTI Proxy. VSE will first try to do a hash lookup via the GTI Proxy server ip address specified in the AEServer registry key, wait for it to timeout and then as a fallback try a direct DNS lookup to avqs.mcafee.com. The wait time is further compounded if there are multiple GTI Proxy ip addresses specified in the AEServer registry key as VSE will attempt a hash lookup to all the specified GTI Proxy ip addresses before falling back to a direct DNS lookup.
This can cause a visible slowdown in opening of PDF documents from the email client (since it's a user driven action) from an endpoint configured to (but can’t) talk to GTI Proxy.
1. Is VSE configured to use GTI Proxy and is at Medium sensitivity level for GTI?
2. Are there multiple GTI Proxy ip addresses specified under the AEServer registry key?
If the answers to the above two are yes, that could be a possible cause.
I just tested this (VSE 8.8 patch 1 + Adobe 10.1.4) on two different machines. I couldn't even begin to measure any delay.
However, CPU utilization isn't what is important. Any time Windows fetches a file, it will always spike up to that. That's what happens when Windows loads a file (the CPU sits there and waits for it). Performance is always a tough thing to measure but unfortunately Windows masks disk IO as CPU.
I would recommend you opening a case. Just because I don't have the issue doesn't mean it isn't an issue. And I'm sure Support would like to collect the MER on it. If there's a performance issue we want to know about it.
Strange. I'd also suggest logging a case (Run a MER on the machine to assist with escalation if required).
I can't replicate the issue here.
Try switching down the Global Threat Intelligence/artemis level in the OAS policy and try again.
A higher than low GTI setting will refer pdfs fingerprint to GTI this adds many seconds on, also depends on the complexity of the pdf aswell (embedded objects etc)
Global Threat Intelligence wouldn't add more than 2000ms maximum. The DNS query (that's how GTI works) would time out. In most cases the queries are returned in 20-90ms. Feel free, to test with a lower level but I'm pretty sure GTI isn't adding 60 seconds to the query.
I don't think it's just a McAfee issue. I have a home computer with MIcrosoft's MSE, and sometimes PDF's can take a full minute to open. Maybe something to do with the way Acrobat 10 interacts with various virus scan software?
I am also having issues with Adobe Reader 10.1.4 and McaFee Enterprise 8.8 VirusScan Enterprise.
Anyone here have found a soultion?
Task Manger is showing 100% CPU, and Adobe Reader is not even running in the foreground, but it dead in the background.
Once I kill the Process it is down to 20% or less.
Any Idea, beside downgrading?
Is this a Adobe issues, or a Mcafee,
As a workaround and/or troubleshooting option, you could create an exclusion in your On Access Default Process policy to exclude "By file type", and exclude "PDF". Save the policy, wake the machine up, reboot, then attempt to open a PDF again, and note the result.
If you claim its OAS picking it up and spiking, this is a workaround.
Have you tried patch 2? It addresses "CPU spikes...
VirusScanEnterprise 8.8 Patch 2 is now available. This release includes new features,fixes, and enhancements including:
To downloadPatch 2, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.
You can viewthe Release Notes at: https://kc.mcafee.com/corporate/index?page=content&id=PD23934.
I experienced the exact same issue today in my environment where opening up PDF files would hang for seconds with VirusScan8.8 on Win7 with Adobe Reader 10.1.4. Some of our users said it took up to 60 seconds to open up a PDF from Microsoft Outlook. Some of our users reported that unplugging the network connection fixed the problem. After investigating, it turns out to be a communication problem from our client computers to the GTI-Artemis backend (timeout issues or communication problems). Try the GTI Artemis PDF test file and nslookups troubleshooting commands to confirm you have proper DNS communications to the GTI backend.
In our particular environment, we have a very closed off isolated network from the Internet so we have to use McAfee GTI-Proxy appliances. Something caused all our GTI-Proxy appliances to stop responding to DNS lookup requests which ultimately created the huge delays (timeouts) in opening up PDF files from Outlook. We ended up rebooting all our GTI-Proxy appliance to get the business back to normal.Message was edited by: crash101 on 9/25/12 5:43:46 PM CDT