cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 11

Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

(WIN7 SP1, McAfee VS Enterprise, Scan Engine 5400.1158, DAT version 6820.0000,

Buffer Overflow and Access Protection DAT version 588, DAT created on 30 Aug 2012)

I've timed it, and for almost exactly 60 seconds upon trying to open a PDF file, the CPU approaches 100%. After 60 seconds, the application is responsive for approximately 1 second, and then hangs again (his time with low CPU but with the Windows 7 spinning circle for approximately 15-20 seconds.

I've noticed that if I disable McAfee On-Access Scan, then Adobe Reader works fine.

The problem persists today with DAT 6822.0000 also.

Around the time the issue occurred, Firefox decided to upgrade itself to 15.0, and the virus scanner updated itself around the same time, so one of these triggered the issue.

After that, Adobe Reader hangs on startup for a long time before becoming responsive again.

After an uninstall of Adobe Reader, deleting the C:\Users\xxx\Application Data\Adove\Acrobat folder completely, and deleting the HKCU\Software\Adobe\Adobe Acrobat key,

Adobe Reader 10.1.4 was installed from scratch.

However, the problem remains (same symptoms).

Has anyone else experienced this? Any workaround till it is resolved? (Disabling the On-Access Scan is _not_ an option for us).

Message was edited by: sky_123 on 02/09/12 10:17:59 CDT
1 Solution

Accepted Solutions
Highlighted
Level 13
Report Inappropriate Content
Message 11 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

The PDF slow opening from outlook has been seen with some customers using VSE & GTI Proxy.

It’s noticeable when users are at their home or away from the office network and their endpoint cannot talk to GTI Proxy. VSE will first try to do a hash lookup via the GTI Proxy server ip address specified in the AEServer registry key, wait for it to timeout and then as a fallback try a direct DNS lookup to avqs.mcafee.com. The wait time is further compounded if there are multiple GTI Proxy ip addresses specified in the AEServer registry key as VSE will attempt a hash lookup to all the specified GTI Proxy ip addresses before falling back to a direct DNS lookup.

This can cause a visible slowdown in opening of PDF documents from the email client (since it's a user driven action) from an endpoint configured to (but can’t) talk to GTI Proxy.

1. Is VSE configured to use GTI Proxy and is at Medium sensitivity level for GTI?

2. Are there multiple GTI Proxy ip addresses specified under the AEServer registry key?

If the answers to the above two are yes, that could be a possible cause.

View solution in original post

10 Replies
Highlighted

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

I just tested this (VSE 8.8 patch 1 + Adobe 10.1.4) on two different machines. I couldn't even begin to measure any delay.

However, CPU utilization isn't what is important. Any time Windows fetches a file, it will always spike up to that. That's what happens when Windows loads a file (the CPU sits there and waits for it). Performance is always a tough thing to measure but unfortunately Windows masks disk IO as CPU.

I would recommend you opening a case. Just because I don't have the issue doesn't mean it isn't an issue. And I'm sure Support would like to collect the MER on it. If there's a performance issue we want to know about it.

Highlighted
Level 12
Report Inappropriate Content
Message 3 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

Strange. I'd also suggest logging a case (Run a MER on the machine to assist with escalation if required).

I can't replicate the issue here.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

Try switching down the Global Threat Intelligence/artemis level in the OAS policy and try again.

A higher than low GTI setting will refer pdfs fingerprint to GTI this adds many seconds on, also depends on the complexity of the pdf aswell (embedded objects etc)

Highlighted

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

Global Threat Intelligence wouldn't add more than 2000ms maximum. The DNS query (that's how GTI works) would time out. In most cases the queries are returned in 20-90ms. Feel free, to test with a lower level but I'm pretty sure GTI isn't adding 60 seconds to the query.

Highlighted
Level 10
Report Inappropriate Content
Message 6 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

I don't think it's just a McAfee issue. I have a home computer with MIcrosoft's MSE, and sometimes PDF's can take a full minute to open. Maybe something to do with the way Acrobat 10 interacts with various virus scan software?

Highlighted
Level 7
Report Inappropriate Content
Message 7 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

I am also having issues with Adobe Reader 10.1.4 and McaFee Enterprise 8.8 VirusScan Enterprise.

Anyone here have found a soultion?

Task Manger is showing 100% CPU, and Adobe Reader is not even running in the foreground, but it dead in the background.

Once I kill the Process it is down to 20% or less.

Any Idea, beside downgrading?

Is this a Adobe issues, or a Mcafee,

Highlighted

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

As a workaround and/or troubleshooting option, you could create an exclusion in your On Access Default Process policy to exclude "By file type", and exclude "PDF". Save the policy, wake the machine up, reboot, then attempt to open a PDF again, and note the result.

If you claim its OAS picking it up and spiking, this is a workaround.

Highlighted
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 11

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

Have you tried patch 2?  It addresses "CPU spikes...

VirusScanEnterprise 8.8 Patch 2 is now available. This release includes new features,fixes, and enhancements including:

  • Lotus     Notes compatibility for 8.5.x
  • Additional     logging during Patch installation
  • Various     fixes for field-reported issues, ranging from BSODs to Updates using     excessive bandwidth, and CPU spikes.

To downloadPatch 2, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx

You can viewthe Release Notes at: https://kc.mcafee.com/corporate/index?page=content&id=PD23934.

Highlighted

Re: Acrobat reader 10.1.4 hangs for 60 seconds on startup if McAfee On-Access Scanner Enabled

Jump to solution

Hi,

I experienced the exact same issue today in my environment where opening up PDF files would hang for seconds with VirusScan8.8 on Win7 with Adobe Reader 10.1.4.  Some of our users said it took up to 60 seconds to open up a PDF from Microsoft Outlook.  Some of our users reported that unplugging the network connection fixed the problem.  After investigating, it turns out to be a communication problem from our client computers to the GTI-Artemis backend (timeout issues or communication problems).  Try the GTI Artemis PDF test file and nslookups troubleshooting commands to confirm you have proper DNS communications to the GTI backend. 

In our particular environment, we have a very closed off isolated network from the Internet so we have to use McAfee GTI-Proxy appliances.  Something caused all our GTI-Proxy appliances to stop responding to DNS lookup requests which ultimately created the huge delays (timeouts) in opening up PDF files from Outlook.  We ended up rebooting all our GTI-Proxy appliance to get the business back to normal.

Ref:  https://kc.mcafee.com/corporate/index?page=content&id=KB53735, https://kc.mcafee.com/corporate/index?page=content&id=KB53733

Message was edited by: crash101 on 9/25/12 5:43:46 PM CDT
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community