9 Replies Latest reply on Jan 18, 2011 4:42 PM by sundar.8212

    McShield Spikes when starting programs

      When loading MS Word started taking two minutes, I looked at task manager, and MShield was taking 50% of CPU!  I looked at the onaccess.log, and it showed that is is scanning hundreds of files when I open one program!   It also does this with a data modeling tool we use, and it does it sometimes randomly it seems.  And it just started doing this about two weeks ago. Any ideas?


      Enterprise Virusscan version

        • 1. Re: McShield Spikes when starting programs

          I find these hard to debug.  If you're not on patch 4, consider it.One machine, or all machines?  What OS?


          And, as someone who is very fond of telling folks how easily AV is evaded these days,  I'd also encourage leveraging other available tools to look for symptoms of malware.    2nd opinion scan with another AV or anti malware on demand scanner,  network IDS,  web proxy category requests might give it way... things like that.

          • 2. Re: McShield Spikes when starting programs

            Also:   I also would expect an antivirus product with an on access scanner to take up more CPU whenever any large file is pulled in off the disk.   That is, after all, the on-access scanner's job.   


            More details for the question will yield less hand wavingly general answers, though.

            • 3. Re: McShield Spikes when starting programs

              I've noticed it mostly with Microsoft Word(400KB)  and with Embarcadero ER/Studio (29,656kb) (of course probably larger with any DLLs the load).  When I see it dragging, I quickly go to Task Manager and look at the processes.  In ever case McShield is at 50% of CPU and over.  And it takes over 2 minutes for the programs to load with McShield on.


              I can disable McShield for a short time (the policy reloads it ever 5 minutes), and while it's not running things are great.  Load times under 10 seconds.



              • 4. Re: McShield Spikes when starting programs

                We are also experiencing PC performance issues with McAfee On-Access Scanner (OAS) when using ER/Studio Data Architect.  Disabling the OAS has proven to provide only temporarily relief but it too re-enables itself after a short period of time.  So far none of the proposed corrective actions given to me by our Technical Support group has resolved the issue.  They (Technical Support) suggested that a re-image of my PC may be needed to resolve the issue but I'm not sure that corrective action will resolve the performance issue.   I'm currently trying out a temporary work-around to my PC performance issues before suggesting it to my co-workers.  Any additional suggests from this group would be greatly appreciated.

                • 5. Re: McShield Spikes when starting programs

                  We had to resort to disabling OAS.  If you rename the McShield.com file (like xMcshield.com), it won't come back.



                  • 6. Re: McShield Spikes when starting programs

                    I would hope people are not renaming McShield as a common practice to circumvent security entirely for the sake of performance, and of greater concern, doing so without their system administrator knowing. If you're doing that and you are the system administrator, shame on you.


                    Please work with Support to find a responsible solution.

                    If a satisfactory resolution is not found, ask that Support escalate the case for further investigation.


                    Understand that issues like this require some intrusive hands-on data collecting by McAfee. If we can get a system or image from you to avoid the "back and forth" that will undoubtedly ensue, then prepare for that. It will make the investigation a whole lot easier on you, and easier for us.


                    The obvious "gotchas" in the area of "On Access Scanner Performance" are:

                    - "Scan Processes on Enable" is turned On, when it should be Off.

                    - A process is causing a lot of file activity to occur that must be scanned (such as when launching an application for the first time)

                    - A process is causing a lot of registry activity to occur (alleviated by disabling BOP and AP features)


                    Note: It is 99.99% likely that a solution exists that will allow the OAS to remain enabled.

                    • 7. Re: McShield Spikes when starting programs



                      Have to tried to disable opportunistic locking in Windows, if not try to do it, kindly refer the below McAfee KB article,


                      https://kc.mcafee.com/corporate/index?page=content&id=KB70178&cat=CORP_SAAS_ENDP OINT_PROTECTION_5_2&actp=LIST.



                      1 of 1 people found this helpful
                      • 8. Re: McShield Spikes when starting programs

                        Thanks Steve and William for your comments and suggestions.  I will notify our Technical Support group of the information that you have posted.


                        In the mean time and as a temporary work-around to the performance issue, I've performed the following configuration actions to my On-Access Scan Properties:

                             1) Added ER/Studio Data Architect process to the Low-Risk Processes, and

                             2) Added the folder where I keep my data models to the Exclusion items (What not to scan). 


                        The above changes has so far enabled me to be productive during my data modeling sessions and avoids having to temporarily disable the OAS.


                        • 9. Re: McShield Spikes when starting programs

                          I'll look at the Windows locking.  And I would never permanently rename McShield.  But it's not a performance issue;  Instead of 10 seconds for programs to load, it takes 3 minutes!  So we have to do something.  As soon as we find a fix we'll surely put it back.