Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
4957 Views 4 Replies Latest reply: Jul 15, 2011 3:30 AM by Attila Polinger RSS
Isagel Apprentice 87 posts since
Mar 31, 2010
Currently Being Moderated

Jul 5, 2011 4:49 PM

McShield using high CPU usage

Some systems are slowed down by McShield.exe using alot of memory.  Same issue with VSE 8.5 patch 8 and 8.7 patch 5.  

 

Any settings in the on-access scanner I can adjust to increase performance, or exclusions I can add? 

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Jul 8, 2011 6:51 AM (in response to Isagel)
    Re: McShield using high CPU usage

    Hello,

     

    I can't say anything regarding VSE 8.7 P 5 as we do not use it, but we had similar issues with earlier versions. Could you run a Process Monitor filtering for just McShield.exe on the affected system to see what files it accesses very frequently?

    We had slowdowns on Exchange servers on VSE 8.5/8.7 upgrade and the remedy was (or seemed to be) to exclude WFV*.TMP from all kinds of scanning (this was a DAT cache file in that particular version). Your problerm could be related to the same or similar thing.

    I also recommend excluding mferuntime.dat for the same reason (seems to be the same purpose cache file with a different name).

     

    As for other OAs related enhancement: scanning of compressed files could be disabled, and also scanning files on read and write can be chosen from instead of both. Similar enhancements could be Default files instead of all files, etc.

     

    Attila

  • eden_hsr Newcomer 25 posts since
    Mar 8, 2010
    Currently Being Moderated
    2. Jul 11, 2011 4:28 AM (in response to Attila Polinger)
    Re: McShield using high CPU usage

    I had same problem in our firm, but only during copiing of files (f.e. from C:\ to D:\ local Drives), mcshield was gone to 100% CPU. Problem was that in the on acess scanner policy: VirusScan Enterprise 8.8.0 > On-Access Default Processes Policies >Compressed files: Scan inside Archive (e.g Zip). Was selected. And this everytime we copied compressed file (*.zip, *.exe) the mcshield was gone to 100% and never comes backto normal performance. Since I taked out this option in the policy, it's better working with the PC performance during copy of files.

    After this I realized that I do not have the scans for zip files in the firm. Now I added zip scanning into clienttask,in the managed fullscan we have one times a week.

    Also I set in the Policy: VirusScan Enterprise 8.8.0 > On-Access General Policies > maximun scan time for files: 45sec. Now it scans each file most 45sec, after this scan goes to next file. Because I had also problem that some zip files are that big, on-access scanner scaned scaned scaned, and did not go forward to next file, and CPU 100%.

    Now all is better

     

    I hope I could help you

     

    Sven

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    4. Jul 15, 2011 3:30 AM (in response to Isagel)
    Re: McShield using high CPU usage

    I would say the frequent termination of McShield could be the indication of certain deadlocks over a file it is trying to scan while either the proper access right (or whatever) is not received in time or does not get CPU time, anyway to me it seems this could be a kind of self protection resulting in being terminated by perhaps another McAfee service to resolve the deadlock. This may require setting the target file in the alert as excluded from scanning.

     

    (Sometimes similar crashes can be observed happening due to McAfee files as scan targets.)

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points