8 Replies Latest reply on Mar 1, 2012 12:50 AM by eden_hsr

    VSE 8.8  McShield active during OnDemand

      I have been play with VSE 8.8 on one machine.  Manual install on an ePO controlled machine.   Created VSE 8.8 policies in ePO after importing all extensions into ePO.  Can confirm that the policies are coming down by looking at the VSE 8.8 settings on the target machine.

       

      When I kick off an OnDemand scan with a Run Immediate task in ePO it start up fine.   But McShield is going nuts.  It starts taking even more cpu than scan32.exe.   I have seen go all the way to 99%. 

       

      What am i missing

        • 1. Re: VSE 8.8  McShield active during OnDemand
          squonk_109

          I have only tested 8.8 on a Windows 7 machine, (no policies yet in EPO).

           

          I also noticed high cpu by Mcshield during a Full scan.

           

          I had CPU Normal setting and Artemis Medium.

           

          Let's see if others find the same, maybe different exclusions are needed.

           

           

          Message was edited by: C_Ardizzi on 21/01/11 2:58:52 EST PM
          • 2. Re: VSE 8.8  McShield active during OnDemand
            wwarren

            FYI, in VSE 8.8 the on-demand scanner is now using the engine instance that is loaded by McShield to do the scanning.

            This is one of the changes allowing faster load time of ODS.

            • 3. Re: VSE 8.8  McShield active during OnDemand

              As William Warren states, most ODS scan CPU has been migrated to McShield. Does make things better overall IMHO.

               

              Also, you can now throttle the ODS a little more granular than previously, as a reg key has been added for number of threads. I think the info regarding that is in the readme and also the "Best Practice" guide.

              • 4. Re: VSE 8.8  McShield active during OnDemand

                In working with VSE 8.8 today there are number of changes that have surprised me

                 

                The using of McShield.exe as the "engine" for scan32.  Scan32.exe can be configured for "below normal" and "low".  This appears to be using the standrd MS settings and tools.  This would seem much cleaner.   However McShield when being driven by Scan32.exe is running at "Normal" priority.   I have seen it running as high as 98% but does seem to drop down as soon as I touch the keyboard.   It still seems the Hard Drive is getting beat on pretty good.  My machine actually seem a big more sluggish during an On Demand scan than it was with VSE 8.5.

                 

                I am not getting the 80% speed improvement for On Demand scans that I had heard about at Forum10.  Maybe 40% if that.

                 

                The exclusion for Windows Protection has disappeared.

                 

                I am going to have to find some documentation that explains the CPU usage of McShield.  Many of the technical types know that this is On Access Scanner.   They will freak out when they see it running that high.  They will all insist that the On Access is scanning what the On Demand is doing.  Every security hater in the company will be over demanding fixes.

                 

                Thanks

                • 5. Re: VSE 8.8  McShield active during OnDemand

                  Hi,

                   

                  i am disapointed about the new VSE 8.8 on demand scan feature.

                  I have checked in the VSE 8.8 Extension and migrated the Policies ans tasks with the migration tool witch ships in VSE8.8 installation package.

                  All Ok.

                  I migrated 3 Workstation Windows 7 x64 from vse 8.7 to 8.8

                  The on demand scan (mcshield.exe) takes 80% of the CPU.

                  is that normal? i can blieve that...

                   

                  The task runs below normal (peformance).

                   

                   

                  Timo

                  • 6. Re: VSE 8.8  McShield active during OnDemand

                    For more info on how the scanner uses CPU and what you can do to change this see the VSE 8.8 Best Practices Guide (pp27-32). https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22940/en_US/vse_880_best_practices_guide.pdf

                     

                    In particular, read pp29-31 and the section about modifying the registry to allocate threads etc.

                    • 7. Re: VSE 8.8  McShield active during OnDemand
                      josevicente

                      I'm having same issues,

                      Maybe this is a problem with the vse.

                       

                      Have you opend a service request?

                       

                      Tks

                       

                      Message was edited by: josevicente on 2/28/12 3:10:04 PM BRT
                      • 8. Re: VSE 8.8  McShield active during OnDemand
                        eden_hsr

                        OK guys

                         

                        I had same problem during on demand scans in our firm that mcshield process taked too much memory and also to much CPU (up to 100% CPU), PC freezes. The problem was 1 ZIP File. It was a damaged ZIP File, which McAfee could not handle during the on-demand scan. To find out the easiest way which ZIP File has the problem is: Start your On-Demand Scan in Virs-Scan Console or over EPO Server. After this Rightclick in the VirusScan Console on your On-Demand Scan you started, Click Show Progress. Then you see the On-Demand Scan from file to file. On that file the On-Demand scan hangs for longer time and freezes your PC, maybe this is teh file with the problem. Delete or remove this file (mostly a ZIP File) from the computer. Test with a new On-Demand Scan if it's better.

                         

                        That was the solution in our firm.