cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

mcshield.exe gone rogue

10 times a day, mcshield.exe seizes 75 to 99 percent of my CPU on a Dell corei5 processor laptop running Windows 7 Enterprise and mcafee ver 5.5.1.388. Unable to switch applications, open a document, nothing. Why is this app not throttling itself to 10% or less CPU and below normal priority? Our Help Desk has been useless in helping resolve this issue. The seizure lasts 1 to 3 minutes. McAfee Profiler is useless since by the time I can launch it (remember, no CPU available), the seizure is over.
7 Replies
McAfee Employee patrakshar
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: mcshield.exe gone rogue

Hi @David_F ,

Can you confirm if there is any On Demand Scan running on the machines when you are seeing this behavior?

If no ODS is running  then there is some application which is mostly getting timed out because of repeat I/O. Best option will be to check On Access Scanner log and see if there is any Time out. If not, then when you are seeing the high CPU utilization run the Procmon on the machine. Just capture it for a minute or two and share the output (Procmon Download: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)

From Procmon we can easily figure out what is happening during that window.

Re: mcshield.exe gone rogue

Where do I find ODS setup and OAS log? If you're talking mcafee scans, that is all controlled by our corporate IT dept.
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: mcshield.exe gone rogue

The logs are found in %Programdata%\Mcafee\EndpointSecurity\Logs

If you do find a scan running, then you'll need to contact your IT department and ask them to change the settings. Judging by the description it sounds like they could have "scan on idle" enabled which would mean the scan will be pausing and re-starting constantly meaning you'll be impacted for longer. 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: mcshield.exe gone rogue

OnAccessScan_Activity.log - nothing from yesterday when the seizure happened maybe 10 times. Will use PROCMON today and post. Thanks. 9/10/2019 6:15:52 AM mfetp(5848.7744) oasbl.OAS.Activity: AMCore content version = 3820.0 9/10/2019 6:41:29 AM mfetp(5848.6756) oasbl.OAS.Activity: AMCore content version = 3826.0 9/11/2019 4:42:50 AM mfetp(5848.6748) oasbl.OAS.Activity: AMCore content version = 3827.0 9/11/2019 9:01:38 AM mfetp(3880.7012) oasbl.OAS.Activity: AMCore content version = 3827.0 9/11/2019 5:43:58 PM mfetp(5468.7144) oasbl.OAS.Activity: AMCore content version = 3827.0 9/13/2019 7:08:14 AM mfetp(5436.6476) oasbl.OAS.Activity: AMCore content version = 3827.0
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: mcshield.exe gone rogue

Look at the ODS (On Demand Scan) Log.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: mcshield.exe gone rogue

ProcMon - it is logging  thousands of events per minute. Even with the filter on to mcshield, there is way too much info to post. The last file was 763 mB. How is that useful? And it seems tech support in this post/chain and posts about mcshield simply keeps asking for more and more diagnostic data and never addresses the problem - or even admits there is one. Why do dozens of my colleagues have this same issue? It ain't just my PC.  hashtagFrustratedWithMcAfeeCorp

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: mcshield.exe gone rogue

HI @David_F 

Procmon is not the best way of showing what the scanner is doing. Like you said it gives you thousands of entries per minute. This is because even if you have excluded items mcshield still needs to pick up the file and check if it should be excluded or is in cache already so it can then decide to either scan it or release it again.

To explain what would be expected behaviour so you understand why we were pointing you in the correct direction: We expect to see high CPU during an ODS scan for the process mcshield. There is no way of us restricting this either as the resources are given to this process by Windows. Have you managed to check the On Demand Scan Log to see if a scan was running at the time you are experiencing the issue? You previously shared an extract from the On Access Scan Log.

If no ODS is running then mcshield would display high CPU if an other application is running or the system generally is performing an activity which is high in read/ write activities. Each of these read/ write activities would mean we need to monitor it which therefore results in high CPU if the system is of course busy. If these symptoms are displayed when using a specific application it may be that certain exclusions are needed to ensure firstly that the application can run without being interrupted and secondly so that you don't see the high CPU.

With either of these options you are going to need to reach out and work with your corporate IT dept because they will control the configuration of the product. Of course your findings may help them decide which configuration changes need to be made. Hope this helps somewhat.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community