5 Replies Latest reply on Aug 2, 2010 1:30 AM by Attila Polinger

    Stall 4 seconds caused by McAfee

      Hi,

       

      My Laptop has a stall of 4 seconds every 5 minutes.

      Even the Performance Monitor is missing 4 seconds of information (see picture below).
      After some investigation this seems to be caused by some of the McAfee Services.

       

      [Image: Frameworkserver-stall.JPG]

       

      By checking the settings of the modules I found that EpO was forcing some settings every 5 minutes.

      So I uninstalled the EpO (with the uninstall instructions of McAfee).

      But still we have a stall of 4 sec. every 5 min.

       

      I used FileMon to monitor the file activities.

      In the list below there is an overview of the different Services or Exec and the number of I/O actions in those 4 seconds.

      Especially the FrameworkService is making overtime, more than 10.000 I/O actions in 4 sec!

      (if somebody is interested in the complete log, let me know)

       

      Service or Exec                 I/O actions
      FrameworkServic                 10938
      svchost.exe                     1
      naPrdMgr.exe                    364
      UdaterUI.exe                    6
      Mctray.exe                      4
      Mcshield.exe                    227
      FireSvc.exe                     69
      McScript_InUse.                 910
      procexp.exe                     67

       

      My McAfee environment:

      McAfee AutoUpdate

           Version - 4.0.0.1494

      Host Intrusion Prevention 7.0.0

           Version - 7.0.0.1070

      Product Coverage Report

           Version - 4.0.0.1494

      McAfee VirusScan Enterprise Workstation

           Version - 8.7.0.570

           Virus definitions

                Version - 6048.0000

                Installation date - 20-07-10 8:52:15

                Created on: 07192010

           Hotfixes

                Version - 3

                Installation date - 03-06-10 12:28:01

      McAfee AntiSpyware Enterprise Module

           Version - 8.7.0.129

       

      If somebody has a clue, please let me know.

       

      Regards,

       

      Barge

       

        • 1. Re: Stall 4 seconds caused by McAfee
          pato

          Hi Barge

          Do you also have this issue if you completely uninstall McAfee from that system?

           

          Thanks,

          pato

          • 2. Re: Stall 4 seconds caused by McAfee

            Hi pato,

             

            I'm not the only one in our company.

            Our IT department did a complete uninstall-reinstall on some laptops with 0 results.

             

            I completely stopped the FrameworkService for now, and everything runs smooth.

             

            Regards,

            Barge

            • 3. Re: Stall 4 seconds caused by McAfee
              Attila Polinger

              Hi Barge2,

               

              I think we could find something useful in the Framework service log. Could you please check for Agent_yourhostname.log and post it here?

               

              Thank you:

              Attila

              • 5. Re: Stall 4 seconds caused by McAfee
                Attila Polinger

                Hello,

                 

                this kind of message appears every 5 minutes in the Agent_NXP001470.log:

                Sched Task conflict is detected, task [Taskname - varies - AP] is waiting for execution

                I have also noticed that two of your deployment tasks are very close to each other (just 4 seconds away, as I saw). One is the attempt to install (re-install) McAfee Agent, VirusScan and MA, and another is for HIPS with the same aim.

                 

                In McScript.log:


                A connection timeout occurs on perhaps the update sites on port 8550 and 8552. It is around 4 secs until the updater gives up and says it is unable to connect:

                 

                2010-07-20 08:12:58 E #4216 creposi  [Candidate ePO_CP-AS510-V: testing]->
                2010-07-20 08:12:58 E #4216 creposi  [downloadFile,SiteStat.xml,C:\WINDOWS\TEMP]->
                2010-07-20 08:12:58 E #4216 imsite  [downloadFile,SiteStat.xml,,C:\WINDOWS\TEMP,1]->
                2010-07-20 08:12:58 E #4216 naInet   Host address CP-AS510-V.gos.oce.net seems invalid.
                2010-07-20 08:13:02 I #4216 naInet Unable to connect to CP-AS510-V on port 8550.
                2010-07-20 08:13:02 I #4216 naInet Retrying connection to CP-AS510-V on prtt 8550 ...
                2010-07-20 08:13:02 I #4216 naInet Connecting to Real Server: CP-AS510-V on port: 8550
                2010-07-20 08:13:02 E #4216 naInet Error trace:
                2010-07-20 08:13:02 E #4216 Thread  [Main thread]->
                2010-07-20 08:13:02 E #4216 SessMgr  [initializeScript]->
                2010-07-20 08:13:02 E #4216 creposi  [setNextRepositoryToUse]->
                2010-07-20 08:13:02 E #4216 creposi  [Candidate ePO_CP-AS510-V: testing]->
                2010-07-20 08:13:02 E #4216 creposi  [downloadFile,SiteStat.xml,C:\WINDOWS\TEMP]->
                2010-07-20 08:13:02 E #4216 imsite  [downloadFile,SiteStat.xml,,C:\WINDOWS\TEMP,1]->
                2010-07-20 08:13:02 E #4216 naInet   Host address CP-AS510-V seems invalid.

                 

                and again:

                 

                2010-07-20 08:13:44 E #4216 creposi  [Candidate ePOSA_OCEIE-DC1: testing]->
                2010-07-20 08:13:44 E #4216 creposi  [downloadFile,SiteStat.xml,C:\WINDOWS\TEMP]->
                2010-07-20 08:13:44 E #4216 imsite  [downloadFile,SiteStat.xml,,C:\WINDOWS\TEMP,1]->
                2010-07-20 08:13:44 E #4216 naInet   Host address OCEIE-DC1.oceie.oce.net seems invalid.
                2010-07-20 08:13:49 I #4216 naInet Unable to connect to OCEIE-DC1 on port 8552.
                2010-07-20 08:13:49 I #4216 naInet Retrying connection to OCEIE-DC1 on prtt 8552 ...
                2010-07-20 08:13:49 I #4216 naInet Connecting to Real Server: OCEIE-DC1 on port: 8552
                2010-07-20 08:13:49 E #4216 naInet Error trace:
                2010-07-20 08:13:49 E #4216 Thread  [Main thread]->
                2010-07-20 08:13:49 E #4216 SessMgr  [initializeScript]->
                2010-07-20 08:13:49 E #4216 creposi  [setNextRepositoryToUse]->
                2010-07-20 08:13:49 E #4216 creposi  [Candidate ePOSA_OCEIE-DC1: testing]->
                2010-07-20 08:13:49 E #4216 creposi  [downloadFile,SiteStat.xml,C:\WINDOWS\TEMP]->
                2010-07-20 08:13:49 E #4216 imsite  [downloadFile,SiteStat.xml,,C:\WINDOWS\TEMP,1]->
                2010-07-20 08:13:49 E #4216 naInet   Host address OCEIE-DC1 seems invalid.

                 

                My advice would be to temporarily stop HIPS deployment task and check McScript.log for the above errors (if they recur or not). By all means please displace the deployment tasks from each other by using different schedules or randomizations in the tasks.

                 

                I think the ominous 4 secs stall could be because of the timeouts in McScript.log, and the first task conflict error is just a mere coincidence (or consequence, who knows).

                 

                Hope I could be of some help.

                 

                Attila

                 

                 

                Message was edited by: Attila Polinger on 8/2/10 8:30:16 AM CEST
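An added example, not part of the original thread: one way to measure the repository connection timeouts discussed in the last reply directly from McScript.log, by pairing each "Host address ... seems invalid" record with the "Unable to connect" record that follows it on the same thread. The function name `connect_stalls` is hypothetical, and the regular expressions assume the line layout seen in the excerpt above.

```python
import re
from datetime import datetime

# Assumed record layout, taken from the excerpt: <date> <time> <level> #<thread> <module> <message>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([A-Za-z]) #(\d+) (\S+)\s+(.*)$")
INVALID_RE = re.compile(r"^Host address (\S+) seems invalid\.$")
UNABLE_RE = re.compile(r"^Unable to connect to (\S+) on port (\d+)\.$")

# Sample lines copied from the McScript.log excerpt quoted in the post.
SAMPLE = """\
2010-07-20 08:12:58 E #4216 naInet   Host address CP-AS510-V.gos.oce.net seems invalid.
2010-07-20 08:13:02 I #4216 naInet Unable to connect to CP-AS510-V on port 8550.
2010-07-20 08:13:02 E #4216 naInet   Host address CP-AS510-V seems invalid.
2010-07-20 08:13:44 E #4216 naInet   Host address OCEIE-DC1.oceie.oce.net seems invalid.
2010-07-20 08:13:49 I #4216 naInet Unable to connect to OCEIE-DC1 on port 8552.
2010-07-20 08:13:49 E #4216 naInet   Host address OCEIE-DC1 seems invalid.
"""

def connect_stalls(text):
    """Return (host, port, seconds) for each failed repository connection."""
    pending = {}   # (thread id, short host name) -> time of 'seems invalid'
    stalls = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        thread, msg = m.group(3), m.group(5).strip()
        inv = INVALID_RE.match(msg)
        if inv:
            # The log uses both the FQDN and the short name; key on the short name.
            pending[(thread, inv.group(1).split(".")[0].lower())] = stamp
            continue
        un = UNABLE_RE.match(msg)
        if not un:
            continue
        key = (thread, un.group(1).split(".")[0].lower())
        start = pending.pop(key, None)
        if start is not None:
            delay = int((stamp - start).total_seconds())
            stalls.append((un.group(1), int(un.group(2)), delay))
    return stalls

if __name__ == "__main__":
    for host, port, secs in connect_stalls(SAMPLE):
        print(f"{host}:{port} gave up after {secs}s")
```

Run over a full McScript.log, the same function shows whether the unreachable repositories recur on every update cycle, which also means the agent is not pulling content from them.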