3 Replies Latest reply on May 17, 2011 9:22 AM by Regis

    On Access Scan Log and system performance issues




      My users are reporting that their systems are performing slow due to AV scans, regardless of OS version, i.e. xp or vista or 7 (we are talking about desktops only)

      Most users are compalining issues with outlook performance and some of them are have issues with typing  text in office documents, it takes a while for the word to show up on the document after they type in.

      One of the user reported Outlook crash took place at 1:26 PM on his computer and he noticed that mcshield.exe was chewing up the system CPU to max (12)

      I went over the system logs and observed that at the same time on access scan log got updated with statistics and DAT file version changed.

      Can someone help me in figuring out the relationship between epo settings and on access scan log's timings i.e. why does dat file change on that specific time?

      How can we make user experience smoother and be secure at the same time.

      We are using AV 8.7 AS 8.7 and Agent 4.0 as well as 4.5 in our enviornment.

      Please note that EPO is configurred to check for updates every two hours.




        • 1. Re: On Access Scan Log and system performance issues



          Do you have any Patches for Mcafee 8.7 installed? If not, try the latest Patch5, which resolves several "DAT Update Performance Issues". You can download it in the download section with your GRANT number.



          • 2. Re: On Access Scan Log and system performance issues

            We are running patch 3 right now.

            Do you know why my on access scan file has some changes on everyday at 1:20 PM? Thats the time when I see the DAT version changes as well.

            • 3. Re: On Access Scan Log and system performance issues

              Patch 3 caused a significant subset our users to start really moaning when DAT update time came around.   We're moving to patch 5 and hoping that does indeed allow us to move a DAT update intraday again without rendering older machines nearly unusable for a few minutes.


              Look in your ePO in the system tree where one of the systems exhibiting this behavior lives.   Look at the client tasks, and you'll probably find a Product Update task  scheduled daily--and the time will probably look pretty familiar.   That's what typically causes your DAT's to get updated and determines when... unless you don't have one set, and I think perhaps VirusScan might have a fallback default to go out to mcafee.com to go get its dat updates (not sure on this...we push ours from ePO on a time we control).


              A DAT update does indeed cause entried to be added to the access protection log, on-access scanner log, and probably several other logs.  That's entirely normal behavior.