Yes, there are things you can do to help.
And there are certain actions of the product where it's unavoidable that we'll be using as much CPU as we can get. Knowing what those are and possible ways around them, could help you manage your server availability.
1. When updates occur.
The daily DAT update puts enormous strain on a system, CPU/memory/disk all see a spike in activity by multiple McAfee processes; most predominantly "McScript_InUse.exe" and "McShield.exe"
- Install the latest version and patch (sounds like a cop out but it's common sense, we fix issues and those fixes go into our latest release)
- Make these changes: KB66044
- Make sure you don't have this issue: KB75051
- Make sure the On Access Scanner setting "Processes on Enable" is OFF.
... and more relevant fixes are coming with VSE 8.8 Patch 2.
2. When a scheduled scan occurs
This action invokes the process Scan32.exe or Scan64.exe. Easy to spot if this is the cause or a contributor of performance woes; i.e. it'll be a running process when things are bad.
- The on-demand scanner "system utilization" setting should be "Below normal" or lower.
- Do not scan Archives in the configuration (a current engine limitation can lead to archive files creating a train wreck-like bottleneck for the scanner threads, which will impact performance)
- Do not scan memory (unless you're willing to take an initial performance hit when the task runs - the system utilization setting applies to scanning of files, not to the memory scan)
- Run the scan at low usage times
There are other specifics but they would be in place by default, such as sharing the OAS scan cache with the ODS.
These come to mind initially at least.