cancel
Showing results for 
Search instead for 
Did you mean: 

VirusScan Enterprise Excessive Resource Usage

Hi all,

My first post here, hoping to get some insight on this...

We have all corporate machines running McAfee VirusScan Enterprise and HIPS.

From what I've been told (I'm reasonably new at this company), VirusScan runs a full check on Fridays.

We had about 5-6 people on the Friday just gone (11th March) complaining about how slow their computers are running, only to find that disk and CPU utilisation by McAfee was excessively high.

My question is: Is this normal and can anything be done to reduce the resource usage? Or is this a widespread issue and is there maybe a patch being developed for this?

Please note: The computer that provided the screenshot is a very high power machine and the memory usage of the application below it (LogRhythm Console) is normal - this does not affect the PC's usual running capabilities. Other machines that have consistently average RAM utilisation were still experiencing this issue.

The machine of the screenshot provided was running the following versions:

HIPS build number: 8.0.0.3363

Agent version: 4.8.0.1938

VirusScan Enterprise version: 8.8.0.1445

All computers are managed centrally via the ePolicy Orchestrator, so they will all be running the same versions, as far as I'm aware.

I hope this is sufficient information for anyone to respond.

Many thanks in advance for any help.

Anthony

5 Replies

Re: VirusScan Enterprise Excessive Resource Usage

We had something very similar here but was only evident after installing Patch 6. After going through the information

We made the changes and all back to normal. CPU usage around 25-27% during a full disk scan .

Re: VirusScan Enterprise Excessive Resource Usage

I've just found another thread dating back to 2012 and they were still having this issue back then, on Patch 1 or 2... We are on Patch 6 and still experiencing this issue.

Regarding the ProTip document that you linked, system utilisation is already set to 'Low' and the other options aren't viable for us, as virus protection and computer and data integrity is paramount for us. (Wouldn't be very good if a zip folder containing malicious code, macros or viruses was skipped by McAfee and then ended up compromising our security, would it)

Re: VirusScan Enterprise Excessive Resource Usage

Is it possible that there was some form of .dat definition update on the day that this happened, which caused it to require more computer power to scan and update?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: VirusScan Enterprise Excessive Resource Usage

Hello Anthony, In answer to your first question is no this is not the normal. Here are a few things to keep in mind. If your managing via ePO, what time of day did they experience it? Staggered, 5pm or another time

Can you share what kind of shooting you might have attempted. For the purposes of shooting on client, disable access protection and measure, re-enable and disable on access scanner and measure. What were your results?

Re: VirusScan Enterprise Excessive Resource Usage

In a very similar setup except I have Patch 7 for Mcafee 8.8 (8.8.0.1528) I was getting this exact same thing.  I noticed MACOMPATSVC.EXE getting blocked right before it happened via the AP rule seen below.  Once I added this to the exception it went away.  I tired called Mcafee support and have a case but they have not responded to it since 3/15 after daily status update inquiries.  Mcafee support seems to have taken a break recently.  Check your AP logs on those machines to see if something that should be happening for Mcafee is being blocked by Mcafee.

3/14/20168:54:02 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES\MCAFEE\AGENT\X86\MACOMPATSVC.EXEHKLM\SOFTWARE\WOW6432NODE\MCAFEE\SYSTEMCORE\VSCORE\ON ACCESS SCANNER\MCSHIELD\CONFIGURATION\DEFAULT\Common Standard ProtectionSmiley Tonguerevent modification of McAfee files and settingsAction blocked : Write