We are using VSE 8.7 on all of our workstations and lots of the workstations use an intranet site throughout the day but a few of them are having problems with the performance of the site. What we have found is that when the site is running slowly for them the McShield.exe process is taking up a large amount of the CPU on each workstation. Is there any way we can get VSE to log exactly what it is scanning? This doesn't happen all the time so I don't want to have to sit there and watch the "last file scanned" thing for ages whilst the users try to access the site (also this wouldn't be very accurate as I could easily miss something).
It sounds like you need to analyze the differences between those who do not see the problem and those who do, correct?
A couple of questions:
- Are these systems (having problems) 32 bit or 64 bit Windows?
- Is .Net Framework v2.0 installed?
- Have you White Listed or changed the White Listing of your intranet site?
McAfee has a tool for helping with this analysis.
Profiler requires .Net Framework 2.0 to be installed and works on 32 bit Windows (XP and above).
Hopefully this tool can help isolate what is happening on both the good and badly behaving systems.
Let us know if this helps.
Check out VirusScan Profiler:
What is McAfee VirusScan Profiler?
McAfee VirusScan Profiler provides administrators the ability to see how McAfee processes are affecting their systems and ultimately performance.
McAfee VirusScan Profiler gathers statistics from systems and shows how on-access scan is affecting the CPU. McAfee Profiler captures top processes and files that are accessed by on-access scan. Based on the data collected, an administrator can decide if they want to exclude a process or a file for scanning to lessen the impact on the system.
To download the McAfee VirusScan Profiler:
- Go to http://mer.mcafee.com/enduser/downloadmcprofiler.aspx.
- Accept the license agreement, and then click Download.
Ron beat me to it!
See also KnowledgeBase article KB69683 with a link to the documentation.
Thanks for the replies guys, I ran the Profiler and got the user to try doing something on the website that goes slow (sure enough McShield started taking up around 70% of the CPU again). However, looking at the profiler log all I can see is that it scans the following, all in the temporary internet files folder:
| File | Read/Write Count | Percentage |
|---|---|---|
| trident.js | 5 | 17% |
| dxr.axd | 4 | 13% |
| dxr.axd | 4 | 13% |
| salescontracts.htm | 3 | 10% |
| scriptresource.axd | 3 | 10% |
The thing is though, I can't just exclude the temporary internet files folder because obviously that is one of the most likely locations for a virus to originate from, so any ideas how we can avoid this? I'm going to run the profiler on some of the workstations that do not have this problem and see what sort of stats they report but not sure how that is going to help either way really.
I suspect it's actually an issue with Scriptscan with that website - not the actual On-Demand scanner. From memory, profiler won't separate out what is being scanned.
Have a look at whitelisting the website
Thanks, that sounds like it will help and even if it doesn't sort out this problem I'm sure it's worth doing for our internal websites. Will give it a go and let you know the results, thanks.
Adding the site to the ExcludedURLs registry key seems to have made a big improvement, thanks! We have now rolled this out to all of our workstations via group policy (if anyone wants the group policy ADM file I made for controlling this setting just let me know).