1 2 Previous Next 15 Replies Latest reply: Feb 19, 2013 7:24 AM by sol Branched from an earlier discussion. RSS

    mcshield.exe high cpu usage, unusable system after fresh install

    a--t--m

      I have used McAfee VirusScan Enterprise with ePolicy Orchestrator for the last 5 years.  This sort of problem has plagued us the whole time (With misc machines at misc times.)  I started monitoring this thread as I am pretty sure the consumer and corporate versions have a signigicant amount of shared code.  My latest problem is mcshield (vse8.8) taking 50-100% CPU on a Core2Duo system for long periods of time. It is random, intermittent and completely swamps the machine making it almost useless.  It does not seem to happen to all machines which leads me to believe it is a conflict with some sort of software, but have not been able to tell what even after many many hours of troubleshooting with tools like Process Montior, Process Explorer, TCPView, etc. To work around the problem, I am now using a virtual machine with 10GB RAM and 8 CPU cores.  On this one, I see the CPU of one core go to near 100% at times (mcshield) but it doesn't affect much as the system has 8 cores.

       

      I have pretty well run out of things to try after disabled most of the advanced protections and exempting everything that it could possibly hang up on, there is not much left.  I have also followed the McAfee Best Practices Guide to the letter and it made no difference. Calls with support in the past have been painful wastes of time while they pretend they've never heard of such a problem, then finally try it in house and are suprised when they can duplicate my results.  It usually ends with "we just released version X and if you upgrade, the problem is solved. No patch for the current version" Only to return a few months down the road.

       

      Let me be clear, our systems are old and slow (although many are dual core and still experience this sort of problem), and this doesn't happen constantly, but it has been happening frequently to random systems at random times for 5 years with VSE8.0, 8.5, 8.7 and now 8.8. 

       

      To those who wonder what is different about the corporate versions, it is mainly that they can be deployed and updated automatically from a central server. Settings can be controlled centrally and you can generate reports about what is being blocked (Mostly Tracking coookies). It doesn't really protect any better and from what I have seen it is really only marginal at catching things.  We have been infected with fake spyware over and over and over and McAfee will scan the obvious malware and say it is clean with up to date DAT files.  Many times I find the malware just by know where to look, then scan it with other products and it is flagged right away even though McAfee will give it a pass. Give it a week and McAfee will catch it too.  That is way way way too long.

       

      I am now looking at and trialing several other products as I AM DONE WITH MCAFEE.  Too many hours wasted for me and my users. The only reason I didn't replace it several years ago was that I have been busy with larger and much more important migrations, upgrades etc as our company went through massive structural changes.  The time to just suffer with the problem was less than to implement a new product. And I figured and some point they would improve the product.  Nope...

        • 1. Re: mcshield.exe high cpu usage, unusable system after fresh install
          Ex_Brit

          Moved out of home products to VSE for better attention.  Hopefully someone will address this shortly.

          • 2. Re: mcshield.exe high cpu usage, unusable system after fresh install
            a--t--m

            Thanks for trying, but I think we have just lost the love for this product and need to move on...  All my time will be dedicated to implementing something else.

            • 3. Re: mcshield.exe high cpu usage, unusable system after fresh install
              Ex_Brit

              Sorry about that, good luck.  I moved it simply because most home users wouldn't know what you were talking about as the products are so different.

              • 4. Re: mcshield.exe high cpu usage, unusable system after fresh install
                alexn

                Please check the following,

                 

                • Is archive (Compressed     Files) scanning turned on ? if yes, please turn it off in the on-Access     scanner properties.
                • Do you see any events     related to mcshield.exe in Windows Event logs ?
                • What other McAfee     Products are running on the workstation?
                • Configure a Low-risk and     High-risk process policy in On-Access Scanner properties and add the     following processes to the low-risk processes list

                 

                Processes to add in low-riskProcesses List

                FrameworkService.exe

                McScanCheck.exe

                McScript_InUse.exe

                mcupdate.exe

                 

                Also verify that where mcshield process is running from, the default location is C:\Program Files\Common Files\McAfee\SystemCore, and if you see a different location then it could be a malware.

                 

                1.open task Manager

                2.Click View

                3.Select Columns

                4.Check Image Path Name and click OK.

                5.Now verfy the process location.

                 

                Message was edited by: alexn on 8/30/12 2:46:56 PM CDT
                • 5. Re: mcshield.exe high cpu usage, unusable system after fresh install
                  a--t--m

                  Yes, all of the above was done, plus anything in the best practices guide.  No errors, only ePO agent and VSE running.  No other security products period.  May have possibly had some bad interraction with LastPass, but most users don't use that so that would only account for some.

                   

                  The problem comes and goes as it wants. It's not scheduled scans or updates those all run well after hours.

                   

                  I am not actively trying to solve this anymore.  Just thought I would post as I know there are others with the same problems who might feel better to know they are not alone. The consumer thread that this was branched off of was running for 2 years with the most recent incarnation of the problem starting for most about a year ago and still not solved.

                   

                  on 8/30/12 3:39:16 PM CDT
                  • 6. Re: mcshield.exe high cpu usage, unusable system after fresh install
                    alexn

                    Please try the following and I belive it will solve your issue.

                     

                    1. Press Ctrl-Alt-Delete and select Task Manager.
                    2. Click the Processes tab.
                    3. Click View, Select Columns...
                    4. Select all of the below and click OK.

                      • I/O Writes
                      • I/O Write Bytes
                      • I/O Reads
                      • I/O Read Bytes
                      • I/O Other
                      • I/O Other Bytes
                    5. Sort by each of the I/O columns displayed. Doing so may identify multiple processes generating large amounts of disk I/O.
                    Based on your findings you may want to effectively not scan the read and/or write disk I/O generated by a process. This can be accomplished using the Low-Risk Processes policy by adding the process to Low-Risk Processes and deselecting When Writing to Disk and/or When Reading from Disk. For detailed information and instructions, see:
                    KB55139 - Understanding High-Risk, Low-Risk, and Default processes configuration and usage
                    KB67648 - How to determine if configuring VirusScan Enterprise exclusions or setting Low Risk Processes will be effective 
                    When using Default, High-Risk, and Low-Risk Processes policies, each policy is independent and needs to be configured as such.

                    Example:

                    Adding a file in the Exclusions tab of the Default Processes policy, but not adding it to the Exclusions for the High Risk policy, means the file will still be scanned by the High Risk processes policy.

                    Adding a process to Low-Risk potentially impacts on your security, ensure you do so only when strictly necessary and warranted.

                     

                    Message was edited by: alexn on 8/30/12 4:53:56 PM CDT
                    • 7. Re: mcshield.exe high cpu usage, unusable system after fresh install
                      johnno

                      My McAfee subscription comes up in October. I cancelled the automatic subscription and advised McAfee that I no longer need or want their product, giving my reasons, which were loss of performance (like 50-100% usage by mcshield) and over 100MB memory usage.

                       

                      I have a Core2Duo, where it seems almost no one else has a problem, according to this thread. But I have a problem, as I mentioned in earlier posts, and the input from a--t--m showed that it is a real problem for others, even for corporate systems.

                       

                      For the time being, I'll go with MSE and whatever else I find that helps. I do not need an anti-virus that takes most of my performance and a lot of memory. I can decide later if I want to change back.

                       

                      I am also being bombarded with renewal reminders from McAfee, even offering $40 off for two years. I would like to have security and performance. For similar reasons I dropped Norton and took up McAfee a few years ago. Looks to me like the free ones could be better finally (even though not really free, just squashing the competition).

                      • 8. Re: mcshield.exe high cpu usage, unusable system after fresh install
                        Attila Polinger

                        Dear Johno,

                         

                        I'd like to ask a few questions and make a few comments:

                         

                        - did you install and run a full defragmentation and optimization on the drives of this computer (my personal fav is MyDefrag - monthly script)?

                        - did you consider relocating the pagefile from the C: drive (if it is there) to another (if there is one) and review virtual memory settings (whether it should be system managed, fixed or minimum/maximm sized, etc.)

                        - there is some trick with certain systems and their exclusion where hardware paths are reported to virusscan (consequently exclusions you defined might not work). Please see: https://kc.mcafee.com/corporate/index?page=content&id=KB61000

                        - there is a McAfee Profiler utility, which when installed and run collect files that have been most accessed (and maybe scanned) by Mcshield. this can help you identify needs for future exclusions.

                        - I personally witnessed them being scanned (when read scanning was enabled in the policy) and therefore always exclude no matter what, Virusscan temporary DAT files: WFV*.TMP and MFE*.DAT (see KB65459).

                         

                        We have also some very slow systems with limited RAM and CPU speed and therefore could not even run Process Monitor or Explorer because that would really drag them down, but if you can, please run Process Monitor and limit monitoring to Mcshield.exe and see what files it scans, if the above to-do list still does not make your problem go away.

                         

                        Attila

                        • 9. Re: mcshield.exe high cpu usage, unusable system after fresh install
                          mat.kordell

                          VirusScanEnterprise 8.8 Patch 2 is now available. This release includes new features,fixes, and enhancements including:

                          • Lotus     Notes compatibility for 8.5.x    
                          • Additional     logging during Patch installation    
                          • Various     fixes for field-reported issues, ranging from BSODs to Updates using     excessive bandwidth, and CPU spikes.

                          Todownload Patch 2, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx

                          You can view theRelease Notes at: https://kc.mcafee.com/corporate/index?page=content&id=PD23934

                          1 2 Previous Next