cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chris128
Level 7
Report Inappropriate Content
Message 1 of 11
‎10-22-2010 06:28 AM

See what On Access Scan is actually scanning

Hi Guys,

We are using VSE 8.7 on all of our workstations and lots of the workstations use an intranet site throughout the day but a few of them are having problems with the performance of the site. What we have found is that when the site is running slowly for them the McShield.exe process is taking up a large amount of the CPU on each workstation. Is there any way we can get VSE to log exactly what it is scanning? This doesn't happen all the time so I don't want to have to sit there and watch the "last file scanned" thing for ages whilst the user's try to access the site (also this wouldn't be very accurate as I could easily miss something).

Thanks, Chris

0 Kudos
Reply
10 Replies
rmetzger
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 11
‎10-22-2010 09:21 AM

Re: See what On Access Scan is actually scanning 

chris128 wrote:
Hi Guys,
We are using VSE 8.7 on all of our workstations and lots of the workstations use an intranet site throughout the day but a few of them are having problems with the performance of the site. What we have found is that when the site is running slowly for them the McShield.exe process is taking up a large amount of the CPU on each workstation. Is there any way we can get VSE to log exactly what it is scanning? This doesn't happen all the time so I don't want to have to sit there and watch the "last file scanned" thing for ages whilst the user's try to access the site (also this wouldn't be very accurate as I could easily miss something).
Thanks, Chris

Hi Chris,

It sounds like you need to analyze the differences between those who do not see the problem and those who do, correct?

A couple of questions:

  1. Are these systems (having problems) 32 bit or 64 bit Windows?
  2. Is .Net Framework v2.0 installed?
  3. Have you White Listed or changed the White Listing of your intranet site

McAfee has a tool for helping with this analysis.

Profiler requires .Net Framework 2.0 to be installed and works on 32 bit Windows (XP and above).

Hopefully this tool can help isolate what is happening on both the good and badly behaving systems.

Let us know if this helps.

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
0 Kudos
Reply
woodsjw
Level 7
Report Inappropriate Content
Message 3 of 11
‎10-22-2010 09:22 AM

Re: See what On Access Scan is actually scanning

Check out VirusScan Profiler:

What is McAfee VirusScan Profiler? 
McAfee VirusScan Profiler provides administrators the ability to  see how McAfee processes are affecting their systems and ultimately  performance.

McAfee VirusScan Profiler gathers statistics from  systems and shows how on-access scan is affecting the CPU. McAfee Profiler  captures top processes and files that are accessed by on-access scan. Based on  the data collected, an administrator can decide if they want to exclude a  process or a file for scanning to lessen the impact on the system.

To download the McAfee VirusScan  Profiler:

  1. Go to  http://mer.mcafee.com/enduser/downloadmcprofiler.aspx.
  2. Accept the license agreement, and then click  Download.

Ron beat me to it!

Message was edited by: woodsjw on 10/22/10 8:23:25 AM GMT-08:00
0 Kudos
Reply
sgrimmel
Level 11
Report Inappropriate Content
Message 4 of 11
‎10-25-2010 04:39 AM

Re: See what On Access Scan is actually scanning

See also KnowledgeBase article KB69683 with a link to the documentation.

HTH

0 Kudos
Reply
chris128
Level 7
Report Inappropriate Content
Message 5 of 11
‎10-27-2010 05:36 AM

Re: See what On Access Scan is actually scanning

Thanks for the replies guys, I ran the Profiler and got the user to try doing something on the website that goes slow (sure enough McShield started taking up around 70% of the CPU again). However, looking at the profiler log all I can see is that it scans the following, all in the temporary internet files folder:

FileRead/Write CountPercentage
trident[1].js517%
dxr[3].axd413%
dxr[4].axd413%
salescontracts[1].htm310%
scriptresource[1].axd310%

The thing is though, I can't just exclude the temporary internet files folder because obviously that is one of the most likely locations for a virus to originate from, so any ideas how we can avoid this? I'm going to run the profiler on some of the workstations that do not have this problem and see what sort of stats they report but not sure how that is going to help either way really..

Thanks

Chris

0 Kudos
Reply
Mal09
Level 12
Report Inappropriate Content
Message 6 of 11
‎10-27-2010 06:31 PM

Re: See what On Access Scan is actually scanning

I suspect it's actually an issue with Scriptscan with that website - not the actual On-Demand scanner. From memory, profiler won't seperate out what is being scanned.

Have a look at whitelisting the website

https://kc.mcafee.com/corporate/index?page=content&id=KB65382

0 Kudos
Reply
chris128
Level 7
Report Inappropriate Content
Message 7 of 11
‎10-28-2010 05:49 AM

Re: See what On Access Scan is actually scanning

Thanks that sounds like it will help and even if it doesn't sort out this problem I'm sure its worth doing for our internal websites. Will give it a go and let you know the results thanks

0 Kudos
Reply
chris128
Level 7
Report Inappropriate Content
Message 8 of 11
‎10-30-2010 08:15 AM

Re: See what On Access Scan is actually scanning

Adding the site to the ExcludedURLs registry key seems to have made a big improvement thanks! We have now rolled this out to all of our workstations via group policy (if anyone wants the group policy ADM file I made for controlling this setting just let me know).

Reply
JoeMace
Level 8
Report Inappropriate Content
Message 9 of 11
‎10-26-2018 09:27 AM

Re: See what On Access Scan is actually scanning

@chris128

 

Would you mind giving me some pointers please?

0 Kudos
Reply
chealey
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 11
‎10-29-2018 01:31 AM

Re: See what On Access Scan is actually scanning

Hi all, whilst profiler is very handy to do a basic analysis of what the scanner is doing, the following KB will help assess potential exclusions what the scanner is touching - bare in mind, this will also show you already excluded paths!

https://kc.mcafee.com/corporate/index?page=content&id=KB50981

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC