Not sure if this is related to VirusScan or Host Intrusion but I thought I'd post here anyway.
I'm running VSE 8.7i Patch 5 and HIPS 8 on virtual Server 2008 64 Bit servers and I have an issue which is mainly affecting our file and print servers where MFEVTPS hogs around 45-50% CPU constantly and when coupled in with other general process is causing major issues in performance, so much so that users are unable to obtain their profiles, even though currently we have a very small less than 50 user base, we are unable to open terminal sessions to the server etc and the only way to connect is via vCentre and kill the MFEVTPS process. This of course re-appears but for a while stays at 0% before shooting up again.
I can't find much in the KB articles other than a known issue with clustered servers which these are not.
Each server is managed by ePO 4.5 with McAfee Agent 4.5
Any ideas on what could be causing this process to hog that much CPU?
I've checked throught the product logs, events etc. but can't see anything that really stands out.
Quite keen to get this resolved as it's obviously having an impact on user performance.
This system is completely standalone and web isolated so I can't post and log contents etc.
I had a similar issue on two machines after we upgraded from VSE 8.8 to VSE 8.8 P1. The MFEVTPS services took over the machine. Even after a reboot. A even if we shut down VSE and rebooted. This did not happen on the 150 other servers we did the same evening.
Support was of little help. So we removed both VSE and the Management agent. Rebooted and the issue was gone. A few days later we reinstalled the MA with no issue. Followed a few days later by reinstalling VSE 8.8. p1 with no issues. Things are fine now.
No idea why the installing of Patch 1 via ePO would cause the issue.
mfevtps.exe component is loaded when the computer starts up and performs trust validation for all McAfee processes to load.
I installed Mcafee Profiller and put all high CPU usage processes in LOW risk process(VSE)
and my CPU usage was gone.
The root cause is confirmed to be an issue with CRYPT32.DLL that is being exposed by the McAfee utilization of cryptographic APIs, after updating to the CRYPT32.DLL version described in Microsoft KnowledgeBase article KB2607712: http://support.microsoft.com/kb/2607712.
Microsoft has a solution available for this issue. See: http://support.microsoft.com/kb/2641690.
McAfee also strongly advises you to install Patch 1 or later for VirusScan Enterprise 8.8
Message was edited by: alexn on 10/12/12 4:08:52 PM CDT
Thanks guys. We are looking at VSE 8.8 Patch 2 at present. McAfee support has also suggested that temporarily disabling Access Protection may also relieve the issue as an interim measure.
I'll have a look at the two MS KB articles above.