5 Replies Latest reply on Sep 22, 2010 8:43 PM by rmetzger

    Windows XP pauses when DATs are updated


      We have Windows XP SP3 Pro (nothing else) here.


      EPO 3.6.1 on the server end and using the McAfee agent


      Using VSE 8.5i with patch 8


      Also see this on VSE 8.7i with patch 3


      When the scheduled DAT updates happen, the entire PC "pauses" for about 10-15 seconds.


      You can still move the mouse, but you can't click on anything.


      Is this normal and if NOT, any suggestions?

        • 1. Re: Windows XP pauses when DATs are updated

          Try turning off the "Scan Process on Enable" option.  Search the forums and KB for "Process on Enable" if you want more info on this setting.  You might want to check this out also: https://kc.mcafee.com/corporate/index?page=content&id=kb53690



          • 2. Re: Windows XP pauses when DATs are updated

            Crumb, I put the wrong version down.


            We're using EPO 4.5.1 server.


            All the rest of the info is correct though.



            There is no "scan processes on enable" in VSE 8.5 (I see the option in VSE 8.7i and it's NOT enabled as per the best practices guide),


            I'm not quite sure if there's "high cpu" during the DAT update since I cannot actually get task manager to load during the 10-20 second pause.


            The KB article you referenced doesn't apply since we are already at McAfee Agent 4.0 patch 3 (I believe that's what is) unless McAfee broke it again (the KB states it's fixed in mcafee agent 4.0 and epo 4.0)  We're at EPO 4.5, but I messed up on the Original Post so sorry about that.


            I did dig up the best practices guide so we'll see if adding the mcafee services to "low risk" fixes things.

            • 3. Re: Windows XP pauses when DATs are updated

              Sorry, I didn't pay attention to your version numbers very well.  Hopefully some of the other stuff you found will help.



              • 4. Re: Windows XP pauses when DATs are updated

                Oh not a problem.  I screwed up myself (sad when you mistake your own software that you're running)  haha


                But the KB search you mentioned (look for the enabled thingy) brought me to the Best Practices Guide which I have found very helpful.


                We'll know tomorrow how things go with the new settings/policy in place.

                • 5. Re: Windows XP pauses when DATs are updated

                  Another 'thingy' to try is LowerWorkingThreadPriority and SetProcessPriority.

                  Here is my .reg file that may help.



                  ;; Starting with VSE v8.5i, self-protection features are enabled.
                  ;; By default, VSE blocks registry changes to itself.
                  ;; You will need to temporarily disable some of the McAfee
                  ;; self-protection features.
                  ;; From the VirusScan Console
                  ;;    Access Protection > Properties
                  ;;        Uncheck 'Prevent McAfee services from being stopped'
                  ;;        Common Standard Protection
                  ;;            Uncheck (unBlock) 'Prevent modification of
                  ;;                McAfee files and settings'
                  ;;            Uncheck (unBlock) 'Prevent modification of
                  ;;                McAfee Common Management Agent'
                  ;; Now try to import this registry file or make needed changes.
                  ;; Then re-enable the McAfee self-protection features.
                  ;; From the VirusScan Console
                  ;;    Access Protection > Properties
                  ;;        Check 'Prevent McAfee services from being stopped'
                  ;;        Common Standard Protection
                  ;;            Check (Block) 'Prevent modification of
                  ;;                McAfee files and settings'
                  ;;            Check (Block) 'Prevent modification of
                  ;;                McAfee Common Management Agent'
                  ;; Now, restart the system.
                  ;; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  ;; REGEDIT4
                  ;; LowerWorkingThreadPriority
                  ;; SetProcessPriority
                  ;; NoUpdaterUI
                  ;; see http://forums.mcafeehelp.com/showthread.php?t=221578
                  ;;  'McScript.exe eating CPU cycles for several mins'
                  ;;  1. Restart the system to activate.
                  ;; Solution 1 - Create a registry key LowerWorkingThreadPriority
                  ;;  as a DWORD and set the value to 1.
                  ;;  'CPU usage spikes during policy enforcement and a DAT
                  ;;   update'
                  ;; Solution:
                  ;;   A noticeable performance improvement is found when
                  ;;   using McAfee Agent 4.0 and ePolicy Orchestrator 4.0
                  ;;   server because ePO 4.0 compiles the policy
                  ;;   before sending it to the agent.
                  ;; Workaround:
                  ;; Solution 1 - "LowerWorkingThreadPriority"
                  ;; 1. Click Start, Run, type regedit, then click OK.
                  ;; 2. Navigate to and select the following registry key:
                  ;;    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]
                  ;; 3. In the right-hand pane, right-click a blank space and
                  ;;    select New, DWORD Value.
                  ;; 4. For the name, type LowerWorkingThreadPriority and
                  ;;    press ENTER.
                  ;; 5. Right-click LowerWorkingThreadPriority and and select
                  ;;    Modify.
                  ;; 6. In the Value data field type 1, then click OK.
                  ;; 7. Click Registry, Exit.
                  ;; 8. Restart the McAfee Framework Service.
                  ;;  Only implement Solution 2 if the previous solution is not
                  ;;  sufficient to reduce the CPU usage sufficiently during a
                  ;;  policy enforcement and update.
                  ;;  Solution 2 - Disable the NoUpdateUI via the registry to
                  ;;  reduce the CPU usage:
                  ;; 1. Click Start, Run, type regedit, then click OK.
                  ;; 2. Navigate to the following registry location:
                  ;;    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator]
                  ;; 3. Right-click on NoUpdaterUI and select Modify.
                  ;; 4. In the Value Data field change the value to 1,
                  ;;    then click OK.
                  ;; 5. Click Registry, Exit.
                  ;; 6. Restart your computer.
                  ;; see https://kc.mcafee.com/corporate/index?page=content&id=KB53690&pmv=print
                  ;; Policy Enforcement Interferes with Real-Time Application
                  ;; Corporate KnowledgeBase ID:     KB66971
                  ;; Published:  October 15, 2009
                  ;; Environment
                  ;; Summary
                  ;; CPU spikes that occur during a policy enforcement may
                  ;; interfere with the performance of real-time applications.
                  ;; When no other applications are being utilized on the client,
                  ;; McAfee Agent 4.5 utilizes the available CPU to complete
                  ;; its activity, in this case policy enforcement. This is normal
                  ;; and expected. If other applications are being utilized during
                  ;; the policy enforcment, or if they start during a policy
                  ;; enforcement, McAfee Agent 4.5 will yield the CPU to the
                  ;; higher priority process. However, there can be momentary\
                  ;; spikes in CPU during this time.
                  ;; Policy enforcement is a CPU intensive function, as is
                  ;; running most real-time applications. McAfee Agent 4.5
                  ;; has improved performance during policy enforcement,
                  ;; and in many cases interference with other applications
                  ;; is not noticed at the end point. While performance has
                  ;; improved, some degradation may be noticed depending
                  ;; on the nature of the application. Because of this, voice
                  ;; degradation might be noticed when using products
                  ;; such as Voice over IP software. In situations where
                  ;; interference does occur, the default policy interval of
                  ;; five minutes might not be ideal.
                  ;; Solution
                  ;; McAfee is investigating this issue. As a temporary
                  ;; measure, implement the workaround shown below.
                  ;; Workaround
                  ;; CAUTION: This article contains information about
                  ;; opening or modifying the registry.
                  ;;    * The following information is intended for System
                  ;;      Administrators. Registry modifications are irreversible
                  ;;      and could cause system failure if done incorrectly.
                  ;;    * Before proceeding, McAfee strongly recommends
                  ;;      backing up your registry and understanding the restore
                  ;;      process. For more information, see:
                  ;;      http://support.microsoft.com/kb/256986
                  ;;    * Do not run a .REG file that is not confirmed to be a
                  ;;      genuine registry import file.
                  ;;    1. Increase the length of the policy enforcement interval.
                  ;;       The default is five minutes. Increasing the length of
                  ;;       time might make noticeable interference less frequent.
                  ;;    2. Implement a lower thread and lower process priority
                  ;;       for McAfee Agent functions on clients:
                  ;;       [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]
                  ;;    3. Under the Framework registry key, do the following:
                  ;;       * Change the SetProcessPriority DWord value to 1.
                  ;;         This lowers the process priority.
                  ;;       * Change the LowerWorkingThreadPriority DWord
                  ;;         value to 1. This lowers the worker thread priority
                  ;;         to below normal.

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]
                  ;;  "LowerWorkingThreadPriority"=-
                  ;;  "SetProcessPriority"=-

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator]
                  ;;  "NoUpdaterUI"=dword:00000001


                  Let us know if this helps. Thanks,

                  Ron Metzger