We are running EPO managed VirusScan Enterprise 18.104.22.1689 and our machines are just getting killed by the MCSHEILD.EXE process.
The process constantly uses 20% of CPU and when an on-demand scan is scheduled this can go up to 90%. We have implemented pretty much everything in https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22940/en_US/...
Yet there is no let up in performance woes. The CPU usage is interfering with simple actions like typing, causing delays and general system slowness.
I am convinced that there must be something wrong with our setup as this cannot possibly be behavior experienced or acceptable by others.
Please can you provide any hints as to where to start troubleshooting this issue?
Try McAfee Profiler
McAfee Profiler captures top processes and files that are accessed by the VirusScan Enterprise (VSE) On-Access Scanner (OAS). Based on the data collected, an administrator can choose files or processes to exclude from scanning to lessen the impact on the system.
It can also be used during ODS - Run it for 5 - 10 minutes on a node that is experiencing high CPU - During high CPU, you may need to disabled McSheild, install profiler, and re-enable McSheild.
We have tried the profiler, and it yields little results. It shows the main processes/files are already defined as low priority.
The bigger issue is with the On-Demand Scan, rather than on-access scanning. The On-Demand scan is set to run weekly and severely impacts performance. Scans can take several hours to run, and the CPU is 80% or more even if the user is trying to work. The documentation stating that the MCSHEILD process is prioritized by the OS and should back off if the user is performing tasks does not appear to work. All settings are configured for low impact/best user experience, but it is anything but.
In my last Co, we used Symantec and no one even noticed it scanning, I cannot believe McAfee consumes so much resource.
Are the OAS Scan Items & Exclusions the same on ODS? On the ODS, what is the System utilization set at and Artemis (Heuristic network check for suspicious files) set at?