Level 7

ProcMon showing constant registry queries on vdmdbg.dll & IE download directory


New to the forums!

I've been having an issue with ePO here lately on a terminal server. We have ~10 users running Microsoft Access XP/2003 running various queries/databases. I had found an article in the KB about setting msaccess.exe as a low-risk process & excluding it from the Buffer Overflow Protection (BOP). I have done both. I honestly believe this resolved my issues with the mcshield.exe running against msaccess.exe when queries were running which is great.

Now, McAfee is running 40-50% for ~30 seconds every couple of minutes. I found articles to run ProcMon to see what mcshield.exe is doing. I have attached a log file from this morning. It seems like McAfee continues to scan a couple registry keys:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ & ..\Download Directory - Key to set where you want the download directory to be for IE. CPU blips to 20% for a few seconds.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL - CPU hits 40-50% for 30 seconds or so.

You can see from the log this is on a very consistent basis. I'm not sure what settings in ePO would cause such a behavior. One additional note, it causes mcshield.exe to grow in size. Last night it was at around 40MB. This morning, it is at 98MB.


Message was edited by: ctrusty on 7/12/11 2:49:34 PM CDT
0 Kudos
1 Reply
Level 7

Re: ProcMon showing constant registry queries on vdmdbg.dll & IE download directory

I apologize but for some reason my logfile wasn't attached on the original post. You can see the constant queries to the registry.

0 Kudos
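
One way to summarize a Process Monitor CSV export like the log discussed in this thread (an added example, not part of the original posts): it counts registry events per key for mcshield.exe and the number of distinct minutes in which each key was touched, which separates a one-off burst from a recurring poll. The sample rows, PIDs and timestamps are constructed, the function name is hypothetical, and the column names assume Process Monitor's default CSV export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Process Monitor's default CSV column layout.
# PIDs, times and results are made up; the two registry paths are the ones named in the post.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.1000000 AM","mcshield.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL","NAME NOT FOUND",""
"8:01:02.2000000 AM","mcshield.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL","NAME NOT FOUND",""
"8:01:40.0000000 AM","msaccess.exe","2200","RegQueryValue","HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Download Directory","SUCCESS",""
"8:03:05.5000000 AM","mcshield.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\VDMDBG.DLL","NAME NOT FOUND",""
"8:03:30.0000000 AM","mcshield.exe","1234","RegQueryValue","HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Download Directory","SUCCESS",""
"8:03:31.0000000 AM","mcshield.exe","1234","CreateFile","C:\Temp\query.mdb","SUCCESS",""
'''


def registry_hotspots(csv_text, process="mcshield.exe"):
    """Return [(path, events, minutes_active)] for one process, busiest key first."""
    counts = defaultdict(int)
    minutes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        if not row["Operation"].startswith("Reg"):
            continue  # keep registry activity only, drop file and network events
        # "8:01:02.1000000 AM" -> "8:01 AM"; assumes a 12-hour clock with AM/PM suffix
        clock, _, suffix = row["Time of Day"].partition(" ")
        minute = clock.split(".")[0].rsplit(":", 1)[0] + " " + suffix
        counts[row["Path"]] += 1
        minutes[row["Path"]].add(minute)
    return sorted(((p, counts[p], len(minutes[p])) for p in counts),
                  key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    # For a real export, read the file's text first; utf-8-sig tolerates a leading BOM.
    for path, events, active in registry_hotspots(SAMPLE_CSV):
        print(f"{events:6d} events in {active} distinct minute(s)  {path}")
```

A key whose count keeps rising across many distinct minutes is the recurring access to correlate with the CPU spikes.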