I have used McAfee VirusScan Enterprise with ePolicy Orchestrator for the last 5 years. This sort of problem has plagued us the whole time (With misc machines at misc times.) I started monitoring this thread as I am pretty sure the consumer and corporate versions have a signigicant amount of shared code. My latest problem is mcshield (vse8.8) taking 50-100% CPU on a Core2Duo system for long periods of time. It is random, intermittent and completely swamps the machine making it almost useless. It does not seem to happen to all machines which leads me to believe it is a conflict with some sort of software, but have not been able to tell what even after many many hours of troubleshooting with tools like Process Montior, Process Explorer, TCPView, etc. To work around the problem, I am now using a virtual machine with 10GB RAM and 8 CPU cores. On this one, I see the CPU of one core go to near 100% at times (mcshield) but it doesn't affect much as the system has 8 cores.
I have pretty well run out of things to try after disabled most of the advanced protections and exempting everything that it could possibly hang up on, there is not much left. I have also followed the McAfee Best Practices Guide to the letter and it made no difference. Calls with support in the past have been painful wastes of time while they pretend they've never heard of such a problem, then finally try it in house and are suprised when they can duplicate my results. It usually ends with "we just released version X and if you upgrade, the problem is solved. No patch for the current version" Only to return a few months down the road.
Let me be clear, our systems are old and slow (although many are dual core and still experience this sort of problem), and this doesn't happen constantly, but it has been happening frequently to random systems at random times for 5 years with VSE8.0, 8.5, 8.7 and now 8.8.
To those who wonder what is different about the corporate versions, it is mainly that they can be deployed and updated automatically from a central server. Settings can be controlled centrally and you can generate reports about what is being blocked (Mostly Tracking coookies). It doesn't really protect any better and from what I have seen it is really only marginal at catching things. We have been infected with fake spyware over and over and over and McAfee will scan the obvious malware and say it is clean with up to date DAT files. Many times I find the malware just by know where to look, then scan it with other products and it is flagged right away even though McAfee will give it a pass. Give it a week and McAfee will catch it too. That is way way way too long.
I am now looking at and trialing several other products as I AM DONE WITH MCAFEE. Too many hours wasted for me and my users. The only reason I didn't replace it several years ago was that I have been busy with larger and much more important migrations, upgrades etc as our company went through massive structural changes. The time to just suffer with the problem was less than to implement a new product. And I figured and some point they would improve the product. Nope...
Thanks for trying, but I think we have just lost the love for this product and need to move on... All my time will be dedicated to implementing something else.
Sorry about that, good luck. I moved it simply because most home users wouldn't know what you were talking about as the products are so different.
Please check the following,
Processes to add in low-riskProcesses List
Also verify that where mcshield process is running from, the default location is C:\Program Files\Common Files\McAfee\SystemCore, and if you see a different location then it could be a malware.
1.open task Manager
4.Check Image Path Name and click OK.
5.Now verfy the process location.Message was edited by: alexn on 8/30/12 2:46:56 PM CDT
Yes, all of the above was done, plus anything in the best practices guide. No errors, only ePO agent and VSE running. No other security products period. May have possibly had some bad interraction with LastPass, but most users don't use that so that would only account for some.
The problem comes and goes as it wants. It's not scheduled scans or updates those all run well after hours.
I am not actively trying to solve this anymore. Just thought I would post as I know there are others with the same problems who might feel better to know they are not alone. The consumer thread that this was branched off of was running for 2 years with the most recent incarnation of the problem starting for most about a year ago and still not solved.on 8/30/12 3:39:16 PM CDT
Please try the following and I belive it will solve your issue.
Adding a file in the Exclusions tab of the Default Processes policy, but not adding it to the Exclusions for the High Risk policy, means the file will still be scanned by the High Risk processes policy.
Adding a process to Low-Risk potentially impacts on your security, ensure you do so only when strictly necessary and warranted.
My McAfee subscription comes up in October. I cancelled the automatic subscription and advised McAfee that I no longer need or want their product, giving my reasons, which were loss of performance (like 50-100% usage by mcshield) and over 100MB memory usage.
I have a Core2Duo, where it seems almost no one else has a problem, according to this thread. But I have a problem, as I mentioned in earlier posts, and the input from a--t--m showed that it is a real problem for others, even for corporate systems.
For the time being, I'll go with MSE and whatever else I find that helps. I do not need an anti-virus that takes most of my performance and a lot of memory. I can decide later if I want to change back.
I am also being bombarded with renewal reminders from McAfee, even offering $40 off for two years. I would like to have security and performance. For similar reasons I dropped Norton and took up McAfee a few years ago. Looks to me like the free ones could be better finally (even though not really free, just squashing the competition).
I'd like to ask a few questions and make a few comments:
- did you install and run a full defragmentation and optimization on the drives of this computer (my personal fav is MyDefrag - monthly script)?
- did you consider relocating the pagefile from the C: drive (if it is there) to another (if there is one) and review virtual memory settings (whether it should be system managed, fixed or minimum/maximm sized, etc.)
- there is some trick with certain systems and their exclusion where hardware paths are reported to virusscan (consequently exclusions you defined might not work). Please see: https://kc.mcafee.com/corporate/index?page=content&id=KB61000
- there is a McAfee Profiler utility, which when installed and run collect files that have been most accessed (and maybe scanned) by Mcshield. this can help you identify needs for future exclusions.
- I personally witnessed them being scanned (when read scanning was enabled in the policy) and therefore always exclude no matter what, Virusscan temporary DAT files: WFV*.TMP and MFE*.DAT (see KB65459).
We have also some very slow systems with limited RAM and CPU speed and therefore could not even run Process Monitor or Explorer because that would really drag them down, but if you can, please run Process Monitor and limit monitoring to Mcshield.exe and see what files it scans, if the above to-do list still does not make your problem go away.
VirusScanEnterprise 8.8 Patch 2 is now available. This release includes new features,fixes, and enhancements including:
Todownload Patch 2, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.
You can view theRelease Notes at: https://kc.mcafee.com/corporate/index?page=content&id=PD23934