    McShield Utilization

      Hoping this is an easy one. Is there a quick way to tell which files the McShield.exe process is scanning in real time as it scans?

      I have some persons running reports that can make the McShield.exe process take up to 20% sustained CPU utilization, and as soon as they finish, the McShield.exe service drops back down to normal, but I can't tell which files it is scanning to set up proper exclusions in ePO. Any ideas how to see which files McShield.exe is scanning that could cause high spikes? Thanks
        • 1. RE: McShield Utilization

          You might check the APP and OAS logs in the VSE Console on those systems.
          With a minimum of luck you'll see lines indicating what was seen...

          Then, if those people are "running reports", they oughta know what they're doing, i.e. more or less which program they're using and what files they're accessing... so you might check in that direction with "scan exclusions"... (that is a bit more "trial and error" which I personally dislike, but sometimes it's the only way)

          good luck
          • 2. RE: McShield Utilization
            You can check the current scan object in the VirusScan On Access Scan Statistics in the Tools menu. You could also use a tool like Process Monitor (Sysinternals/Microsoft) to watch the mcshield process. There's also the option of watching file handles with Process Explorer.
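
An added example, not part of any post in this thread: one way to turn a Process Monitor capture of the mcshield process into a short list of exclusion candidates, ranked by how much data the scanner read per directory. It assumes the capture was saved as CSV with Process Monitor's default columns and that ReadFile events carry a `Length:` field in the Detail column; the sample rows, paths, PIDs and the process name reportgen.exe are constructed.

```python
import csv
import io
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the default column layout of a Process Monitor CSV
# export. All paths, PIDs and the process name reportgen.exe are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","mcshield.exe","1844","CreateFile","D:\Reports\tmp\q1.tmp","SUCCESS","Desired Access: Generic Read"
"10:01:02.0000105","mcshield.exe","1844","ReadFile","D:\Reports\tmp\q1.tmp","SUCCESS","Offset: 0, Length: 65,536, Priority: Normal"
"10:01:02.0000300","mcshield.exe","1844","ReadFile","D:\Reports\tmp\q1.tmp","SUCCESS","Offset: 65,536, Length: 65,536"
"10:01:02.0000410","mcshield.exe","1844","ReadFile","D:\Reports\tmp\q1.tmp","END OF FILE","Offset: 131,072, Length: 65,536"
"10:01:02.0000500","reportgen.exe","5120","ReadFile","D:\Reports\tmp\q1.tmp","SUCCESS","Offset: 0, Length: 4,096"
"10:01:03.0000001","mcshield.exe","1844","ReadFile","D:\Reports\tmp\q2.tmp","SUCCESS","Offset: 0, Length: 4,096"
"10:01:04.0000001","McShield.exe","1844","ReadFile","C:\Users\alice\report.xlsx","SUCCESS","Offset: 0, Length: 8,192"
'''

# Assumed Detail format for ReadFile rows; digits may contain thousands separators.
LENGTH_RE = re.compile(r"Length: ([\d,]+)")

def read_activity(lines, process="mcshield.exe"):
    """Return (reads, bytes_read) Counters keyed by path for one process."""
    reads, bytes_read = Counter(), Counter()
    for row in csv.DictReader(lines):
        if row["Process Name"].lower() != process.lower():
            continue  # activity of other processes, e.g. the report tool itself
        if row["Operation"] != "ReadFile" or row["Result"] != "SUCCESS":
            continue  # opens, closes and failed reads say little about scan cost
        reads[row["Path"]] += 1
        m = LENGTH_RE.search(row["Detail"])
        if m:
            bytes_read[row["Path"]] += int(m.group(1).replace(",", ""))
    return reads, bytes_read

def by_directory(bytes_read):
    """Roll per-file byte counts up to the parent directory."""
    dirs = Counter()
    for path, n in bytes_read.items():
        dirs[str(PureWindowsPath(path).parent)] += n
    return dirs

if __name__ == "__main__":
    reads, bytes_read = read_activity(io.StringIO(SAMPLE_CSV))
    for d, n in by_directory(bytes_read).most_common():
        print(f"{n:>10} bytes  {d}")
    # For a real capture: open("procmon.csv", encoding="utf-8-sig", newline="")
```

Ranking by directory rather than by drive or file type keeps any resulting exclusion as narrow as the data allows.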