6 Replies Latest reply: Sep 21, 2012 9:31 AM by feeeds RSS

    FireSvc.exe Uses 25% CPU after DAT update

    cdobol

      I'm using 8.0.0.1741.  We are seeing after a DAT update that the FireSvc.exe process 'hangs' using 25% CPU utilization.  We are also running VS 8.8.  Anyone else see that?  I'm thinking of adding some process exclusions to firesvc.exe in VirusScan to see if that changes anything.

        • 1. Re: FireSvc.exe Uses 25% CPU after DAT update
          cdobol

          The issue occurs with the McAfee Host Intrusion Prevention Service when trying to start up.   I changed logging to "error" only and the CPU spike seems resolved, but the service still won't start.  Almost like it can't query the registry or session information.  I opened a SR with McAfee on this, will post a resolution when I get one.

           

          08/19/2011 20:25:31 HpmRegistry.cpp[5469] ERROR (5104) internalEnumRegValues() - failed to query for reg key value #0. subResult = 234. Will continue to process other reg key values.

          08/19/2011 20:25:31 HpmRegistry.cpp[11050] ERROR (5104) getLogonSessions() - failed to successfully read the logon session rules.

          08/19/2011 20:25:31 RpcSessionCache.cpp[1280] ERROR (5104) RpcSessionCache::getSessionData() - Failed to load session data.

          08/19/2011 20:25:31 FireComm.cpp[296] ERROR (5104) FireComm::firecomm_Start() - (-413) .

          08/19/2011 20:25:31 IKESVC [196] ERROR Unable to start FireComm

          08/19/2011 20:25:31 IKESVC [329] ERROR Unable to start FireComm. FireSvc startup will be aborted.

          08/19/2011 20:25:35 HpmRegistry.cpp[5469] ERROR (5164) internalEnumRegValues() - failed to query for reg key value #0. subResult = 234. Will continue to process other reg key values.

          08/19/2011 20:25:35 HpmRegistry.cpp[11050] ERROR (5164) getLogonSessions() - failed to successfully read the logon session rules.

          08/19/2011 20:25:35 RpcSessionCache.cpp[1280] ERROR (5164) RpcSessionCache::getSessionData() - Failed to load session data.

          08/19/2011 20:25:35 FireComm.cpp[296] ERROR (5164) FireComm::firecomm_Start() - (-413) .

          08/19/2011 20:25:35 IKESVC [196] ERROR Unable to start FireComm

          08/19/2011 20:25:35 IKESVC [329] ERROR Unable to start FireComm. FireSvc startup will be aborted.

          • 2. Re: FireSvc.exe Uses 25% CPU after DAT update
            cdobol

            Found that we had a buffer overflow when trying to read the following key -->  HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP\Config\LogonSession\0  This caused HIPS to go into a infinite loop trying to read that key... hence the CPU utilization.

             

            I copied an entry from a working machine to the broken machine.  It was then able to read that registry entry and it worked!  We suspect a 3rd party application is causing the buffer overflow on the registry query.  Still investigating...  Will post as I learn more.

            • 3. Re: FireSvc.exe Uses 25% CPU after DAT update
              DimSys

              Hi,

              Have the same problem.

              Processes Firesvc.exe and Mcshield.exe using up to 98% CPU (by 49% for each).

              After reboot everythink is OK.

              If you find solution, please post it here.

              Thanks.

              • 4. Re: FireSvc.exe Uses 25% CPU after DAT update
                DimSys

                If you need, I will try to help you.

                • 5. Re: FireSvc.exe Uses 25% CPU after DAT update
                  ppg


                  https://community.mcafee.com/thread/44747

                   

                  Same problem to my company.effected 300 unit snotebook.CPU usage goes up (firesvc.exe) and it iwll hang and freeze stuck hang for few seconds.

                  • 6. Re: FireSvc.exe Uses 25% CPU after DAT update
                    feeeds

                    Any word on of this has been resolved with a hot fix or service pack ?