23 Replies Latest reply on Feb 6, 2012 2:29 AM by Attila Polinger

    Mcshield high cpu usage

    swamy2785

      Hi Team,

       

      One of my users is experiencing high CPU usage from the mcshield service almost after he starts the system, due to which the machine responds slowly or rather starts after 15 - 20 mins. The user started facing the problem just 1-2 weeks after the VSE 8.8 P1 deployment.

       

      Kindly advise a good solution regarding the same.

       

      Thanks & Regards

      Vijay Narayanaswamy

        • 1. Re: Mcshield high cpu usage
          swamy2785

          Pls reply.

          • 2. Re: Mcshield high cpu usage
            Tristan

            What is the computer doing?

             

            Does it have scheduled scans running?

             

            Is it doing a DAT update?

            • 3. Re: Mcshield high cpu usage
              Attila Polinger

              Hi,

               

              Just a thought: VSE 8.8 P1 introduces a new access protection rule that prevents programs from injecting processes under McAfee processes, and it is enabled by default. Perhaps you have a program that conflicts with this rule during the boot. The rule name is Common Standard Protection: Prevent hooking of McAfee processes. Try to disable this and do a reboot: does it make a difference?

               

              Also, without actually trying this, you might have a look into AccessProtectionLog.txt in %DEFLOGDIR% and see if anything tries to violate this rule.

               

              Attila

              • 4. Re: Mcshield high cpu usage
                swamy2785

                What is this feature & what exactly does it do? (Common Standard Protection: Prevent hooking of McAfee processes).

                 

                Also, on one of the user machines I am facing an issue. 15-20 popups unexpectedly. Attaching the screenshot captured for the same.

                 

                 

                 

                Thanks & Regards

                Vijay Narayanaswamy

                • 5. Re: Mcshield high cpu usage
                  Attila Polinger

                  Basically it prevents other processes from using the Windows feature for creating subprocesses under an existing process in order to do something, like monitoring or examining the parent process under which they have created the child process.

                   

                  As for the pop-up VirusScan windows: I do not know the reason from here :-), but if you have a managed installation anyway, then you could disable on-screen messages from policy and these will never pop up (yet the events will go to the ePO server anyway for reviewing by you).

                  Additionally you can view the OnAccessScanlog.txt file and see if there are any detection-like entries at the same time.

                   

                  Attila

                  • 6. Re: Mcshield high cpu usage
                    swamy2785

                    Hi Attila,

                     

                    These popups which you see aren't started by the users. Suddenly after the user logs in or sometimes after unlocking the machine these things pop up. Once I end the process or restart the machine it works fine. Again after 2 days or even 1 week or so these pop up again.

                     

                    Request you guys to provide an efficient solution as it has already affected 2-3 machines. If these start occurring in the entire organisation it will become a tedious task.

                     

                    Thanks & Regards

                    Vijay Narayanaswamy

                     

                    Message was edited by: swamy2785 on 12/29/11 3:25:00 AM CST
                    • 7. Re: Mcshield high cpu usage
                      Attila Polinger

                      I did not say users started the popups, rather, I said you can disable showing them. Each popup would represent some event that would get into the ePolicy database, so disabling the popup messages will not cause the events to go unnoticed, rather, you will have a cleaner situation to analyze them from the database.

                       

                      An analysis of events is what I see proper at this time. Event records in the database contain more information than normally would be displayed in the message window (that pops up on your screens).

                       

                      Attila

                      • 8. Re: Mcshield high cpu usage
                        swamy2785

                        How to achieve the same? Also, along with these popups, blank folders open which are in a minimized state. They are represented by small dashes. What are these folders along with windows messenger pops?

                         

                        Thanks & Regards

                        Vijay Narayanaswamy

                        • 9. Re: Mcshield high cpu usage
                          Attila Polinger

                          Please go to VirusScan 8.8 product, General Options category and edit the respective ePO policy, go to Messages and deselect both options in the User message section. Do this for the Workstation policy.

                           

                          If you meant how to analyze the events, then please go to ePO queries and Reports, start a new report, choose Table format, and in the Columns step choose most of the Events list from the left (like Event Category, Event Description, these are very important ones) and in the Filter Section you could specify the names of the computers. Save this query so you can later re-edit it for example with new computers or new field names.

                          The chosen Columns should reveal telling information about what happened when the empty popup window appeared.

                           

                          Can you post here a screenshot of the blank folder thing?

                           

                          Attila
