Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
126518 Views 15 Replies Latest reply: Feb 19, 2013 7:16 AM by sol RSS Branched from an earlier discussion. 1 2 Previous Next
a--t--m Newcomer 6 posts since
Jul 27, 2012
Currently Being Moderated

Aug 30, 2012 12:47 PM

mcshield.exe high cpu usage, unusable system after fresh install

I have used McAfee VirusScan Enterprise with ePolicy Orchestrator for the last 5 years.  This sort of problem has plagued us the whole time (With misc machines at misc times.)  I started monitoring this thread as I am pretty sure the consumer and corporate versions have a signigicant amount of shared code.  My latest problem is mcshield (vse8.8) taking 50-100% CPU on a Core2Duo system for long periods of time. It is random, intermittent and completely swamps the machine making it almost useless.  It does not seem to happen to all machines which leads me to believe it is a conflict with some sort of software, but have not been able to tell what even after many many hours of troubleshooting with tools like Process Montior, Process Explorer, TCPView, etc. To work around the problem, I am now using a virtual machine with 10GB RAM and 8 CPU cores.  On this one, I see the CPU of one core go to near 100% at times (mcshield) but it doesn't affect much as the system has 8 cores.

 

I have pretty well run out of things to try after disabled most of the advanced protections and exempting everything that it could possibly hang up on, there is not much left.  I have also followed the McAfee Best Practices Guide to the letter and it made no difference. Calls with support in the past have been painful wastes of time while they pretend they've never heard of such a problem, then finally try it in house and are suprised when they can duplicate my results.  It usually ends with "we just released version X and if you upgrade, the problem is solved. No patch for the current version" Only to return a few months down the road.

 

Let me be clear, our systems are old and slow (although many are dual core and still experience this sort of problem), and this doesn't happen constantly, but it has been happening frequently to random systems at random times for 5 years with VSE8.0, 8.5, 8.7 and now 8.8. 

 

To those who wonder what is different about the corporate versions, it is mainly that they can be deployed and updated automatically from a central server. Settings can be controlled centrally and you can generate reports about what is being blocked (Mostly Tracking coookies). It doesn't really protect any better and from what I have seen it is really only marginal at catching things.  We have been infected with fake spyware over and over and over and McAfee will scan the obvious malware and say it is clean with up to date DAT files.  Many times I find the malware just by know where to look, then scan it with other products and it is flagged right away even though McAfee will give it a pass. Give it a week and McAfee will catch it too.  That is way way way too long.

 

I am now looking at and trialing several other products as I AM DONE WITH MCAFEE.  Too many hours wasted for me and my users. The only reason I didn't replace it several years ago was that I have been busy with larger and much more important migrations, upgrades etc as our company went through massive structural changes.  The time to just suffer with the problem was less than to implement a new product. And I figured and some point they would improve the product.  Nope...

  • Ex_Brit Volunteer Moderator 59,609 posts since
    May 6, 2004

    Moved out of home products to VSE for better attention.  Hopefully someone will address this shortly.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/102-5889-3-62127/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • Ex_Brit Volunteer Moderator 59,609 posts since
    May 6, 2004

    Sorry about that, good luck.  I moved it simply because most home users wouldn't know what you were talking about as the products are so different.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/102-5889-3-62127/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • alexn Veteran 722 posts since
    Aug 9, 2012

    Please check the following,

     

    • Is archive (Compressed     Files) scanning turned on ? if yes, please turn it off in the on-Access     scanner properties.
    • Do you see any events     related to mcshield.exe in Windows Event logs ?
    • What other McAfee     Products are running on the workstation?
    • Configure a Low-risk and     High-risk process policy in On-Access Scanner properties and add the     following processes to the low-risk processes list

     

    Processes to add in low-riskProcesses List

    FrameworkService.exe

    McScanCheck.exe

    McScript_InUse.exe

    mcupdate.exe

     

    Also verify that where mcshield process is running from, the default location is C:\Program Files\Common Files\McAfee\SystemCore, and if you see a different location then it could be a malware.

     

    1.open task Manager

    2.Click View

    3.Select Columns

    4.Check Image Path Name and click OK.

    5.Now verfy the process location.

     

    Message was edited by: alexn on 8/30/12 2:46:56 PM CDT

    Post Timings: 6.00 AM to 3.00PM PDT
  • alexn Veteran 722 posts since
    Aug 9, 2012

    Please try the following and I belive it will solve your issue.

     

    1. Press Ctrl-Alt-Delete and select Task Manager.
    2. Click the Processes tab.
    3. Click View, Select Columns...
    4. Select all of the below and click OK.

      • I/O Writes
      • I/O Write Bytes
      • I/O Reads
      • I/O Read Bytes
      • I/O Other
      • I/O Other Bytes
    5. Sort by each of the I/O columns displayed. Doing so may identify multiple processes generating large amounts of disk I/O.
    Based on your findings you may want to effectively not scan the read and/or write disk I/O generated by a process. This can be accomplished using the Low-Risk Processes policy by adding the process to Low-Risk Processes and deselecting When Writing to Disk and/or When Reading from Disk. For detailed information and instructions, see:
    KB55139 - Understanding High-Risk, Low-Risk, and Default processes configuration and usage
    KB67648 - How to determine if configuring VirusScan Enterprise exclusions or setting Low Risk Processes will be effective 
    When using Default, High-Risk, and Low-Risk Processes policies, each policy is independent and needs to be configured as such.

    Example:

    Adding a file in the Exclusions tab of the Default Processes policy, but not adding it to the Exclusions for the High Risk policy, means the file will still be scanned by the High Risk processes policy.

    Adding a process to Low-Risk potentially impacts on your security, ensure you do so only when strictly necessary and warranted.

     

    Message was edited by: alexn on 8/30/12 4:53:56 PM CDT

    Post Timings: 6.00 AM to 3.00PM PDT
  • johnno Newcomer 14 posts since
    May 23, 2012

    My McAfee subscription comes up in October. I cancelled the automatic subscription and advised McAfee that I no longer need or want their product, giving my reasons, which were loss of performance (like 50-100% usage by mcshield) and over 100MB memory usage.

     

    I have a Core2Duo, where it seems almost no one else has a problem, according to this thread. But I have a problem, as I mentioned in earlier posts, and the input from a--t--m showed that it is a real problem for others, even for corporate systems.

     

    For the time being, I'll go with MSE and whatever else I find that helps. I do not need an anti-virus that takes most of my performance and a lot of memory. I can decide later if I want to change back.

     

    I am also being bombarded with renewal reminders from McAfee, even offering $40 off for two years. I would like to have security and performance. For similar reasons I dropped Norton and took up McAfee a few years ago. Looks to me like the free ones could be better finally (even though not really free, just squashing the competition).

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009

    Dear Johno,

     

    I'd like to ask a few questions and make a few comments:

     

    - did you install and run a full defragmentation and optimization on the drives of this computer (my personal fav is MyDefrag - monthly script)?

    - did you consider relocating the pagefile from the C: drive (if it is there) to another (if there is one) and review virtual memory settings (whether it should be system managed, fixed or minimum/maximm sized, etc.)

    - there is some trick with certain systems and their exclusion where hardware paths are reported to virusscan (consequently exclusions you defined might not work). Please see: https://kc.mcafee.com/corporate/index?page=content&id=KB61000

    - there is a McAfee Profiler utility, which when installed and run collect files that have been most accessed (and maybe scanned) by Mcshield. this can help you identify needs for future exclusions.

    - I personally witnessed them being scanned (when read scanning was enabled in the policy) and therefore always exclude no matter what, Virusscan temporary DAT files: WFV*.TMP and MFE*.DAT (see KB65459).

     

    We have also some very slow systems with limited RAM and CPU speed and therefore could not even run Process Monitor or Explorer because that would really drag them down, but if you can, please run Process Monitor and limit monitoring to Mcshield.exe and see what files it scans, if the above to-do list still does not make your problem go away.

     

    Attila

  • mat.kordell Champion 313 posts since
    Dec 21, 2011

    VirusScanEnterprise 8.8 Patch 2 is now available. This release includes new features,fixes, and enhancements including:

    • Lotus     Notes compatibility for 8.5.x    
    • Additional     logging during Patch installation    
    • Various     fixes for field-reported issues, ranging from BSODs to Updates using     excessive bandwidth, and CPU spikes.

    Todownload Patch 2, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx

    You can view theRelease Notes at: https://kc.mcafee.com/corporate/index?page=content&id=PD23934

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)