Some systems are slowed down by McShield.exe using alot of memory. Same issue with VSE 8.5 patch 8 and 8.7 patch 5.
Any settings in the on-access scanner I can adjust to increase performance, or exclusions I can add?
I can't say anything regarding VSE 8.7 P 5 as we do not use it, but we had similar issues with earlier versions. Could you run a Process Monitor filtering for just McShield.exe on the affected system to see what files it accesses very frequently?
We had slowdowns on Exchange servers on VSE 8.5/8.7 upgrade and the remedy was (or seemed to be) to exclude WFV*.TMP from all kinds of scanning (this was a DAT cache file in that particular version). Your problerm could be related to the same or similar thing.
I also recommend excluding mferuntime.dat for the same reason (seems to be the same purpose cache file with a different name).
As for other OAs related enhancement: scanning of compressed files could be disabled, and also scanning files on read and write can be chosen from instead of both. Similar enhancements could be Default files instead of all files, etc.
I had same problem in our firm, but only during copiing of files (f.e. from C:\ to D:\ local Drives), mcshield was gone to 100% CPU. Problem was that in the on acess scanner policy: VirusScan Enterprise 8.8.0 > On-Access Default Processes Policies >Compressed files: Scan inside Archive (e.g Zip). Was selected. And this everytime we copied compressed file (*.zip, *.exe) the mcshield was gone to 100% and never comes backto normal performance. Since I taked out this option in the policy, it's better working with the PC performance during copy of files.
After this I realized that I do not have the scans for zip files in the firm. Now I added zip scanning into clienttask,in the managed fullscan we have one times a week.
Also I set in the Policy: VirusScan Enterprise 8.8.0 > On-Access General Policies > maximun scan time for files: 45sec. Now it scans each file most 45sec, after this scan goes to next file. Because I had also problem that some zip files are that big, on-access scanner scaned scaned scaned, and did not go forward to next file, and CPU 100%.
Now all is better
I hope I could help you
Thank you for the suggestions.
I ended up openening a case with McAfee for this and am waiting on some process monitor results that I ran, filtering McShield.exe, with suggestions on which files to exclude.
I also regularily see event viewer errors that the McShield.exe service terminated unexpectedly, event ID 7034. I'm beginning to think this is a normal occurence of McAfee VSE as I see these in many machines and that there will always be files it times out scanning on....but even if it times out scanning should the McShield service terminate like that....hmmm.
I would say the frequent termination of McShield could be the indication of certain deadlocks over a file it is trying to scan while either the proper access right (or whatever) is not received in time or does not get CPU time, anyway to me it seems this could be a kind of self protection resulting in being terminated by perhaps another McAfee service to resolve the deadlock. This may require setting the target file in the alert as excluded from scanning.
(Sometimes similar crashes can be observed happening due to McAfee files as scan targets.)