0 Replies Latest reply on Oct 27, 2010 6:12 PM by JohnOz

    McShield.exe causing high CPU usage when starting On Access Scan



      We apparently have a "sensitive" application that while running and On-Access Scan is enabled from a disabled state (from the mcconsole) it causes the application to crash.  I'm not quite sure what specifically is causing the crash, but I notice the McShield.exe process spikes to 99%-100% when the crash occurs and after that all is good.


      I can match correlate each occurrance of the crash to an event in the Windows Event Log which indicates the McShield Service was started.


      Source: McLogEvent

      ID: 5000


      McShield service started.

      Engine version : 5400.1158

      DAT version : 6135.0000


      Number of signatures in EXTRA.DAT : None

      Names of threats that EXTRA.DAT can detect : None

      It doesn't have anything to do with the Policy reinforcement Interval as I can do a collect and send props all day without duplicating the issue, it is only linked to the start of the OAS service.  The issue occurs when there is a DAT update since when applying the DAT OAS is forced to shutdown and restart.  Our update task is set to occur at 2am every morning and machines are online overnight, but the service continues to be restarted periodically throughout the day (2-3) times without any regular intervals.


      Once On-Access Scanning is running, all is fine...the application runs perfectly well, but McShield service keeps restarting and thus crashes the application...



      Is there a way to prevent the service from taking up so much CPU when OAS is enabled? 


      How do I determine what's causing the service to keep restarting when new DAT's are not being applied?  Is it possible for the service to be restarted because it thinks it got a DAT even though the DAT version never changed?



      • Our policy does have the "Scan Processes on Enable" enabled, but after disabling it the issue is still present.
      • Disabled all scanning option in the On-Access Default Processes Policy (scans writes only)
      • Disabled all scanning option in the On-Access Default Processes Policy (scans reads only)
      • Applied VSE 8.7i Patch 4
      • Applied Agent 4.5 Patch 2
      • Tried the registry fix for Agent Updates


      Windows XP SP3

      VSE 8.7i SP4

      Agent 4.5 SP2