Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1571 Views 1 Reply Latest reply: Feb 24, 2013 4:26 PM by rmetzger RSS
notime Apprentice 137 posts since
Jul 24, 2007
Currently Being Moderated

Feb 24, 2013 2:49 PM

McAfee 8.8 patch 1 and 2  on-demand-scan using mcshield

hi all,


we have some users complain about high CPU usage during the scheduled scan ( on-demand-scan ) I check the machines and I found that the mcshield cursing the high CPU usage


mcshield belong to on-access-scan


Scan64.exe or scan32.exe belong to on-demand-scan



strange !!!! 



why mcshield runing and cursing the high CPU usage during on-demand-scan ?????!!!!!!




any help



thanks in advance

McAfee ePO server 5.0.1
McAfee ePO server 4.6.7
McAfee ePO server 4.6.6

  • rmetzger Champion 566 posts since
    Jan 4, 2005

    Hi notime,


    VSE v8.8 now consolidates scanning by using McShield to actually scan. This reduces replicated code and resources associated with each process. So Scan32 and Scan64 calls McShield to actually scan, thus if On-Access Scan does not replicated that which the On-Demand Scan is already requesting.


    Additionally, if performance is suffering, a couple of causes that need to be checked:

    1) Is the ODS checking over the network or is a network resource getting scanned?

    2) Is the ODS checking archives (.zip, .7z, .cab, etc.)?


    Either of these would cause substantial cpu usage, which is not directly controlled by McAfee software as these are handled by third party software.


    I would review the 8.8 Best Practices Guide:


    Finally, Best Practices Guide for On-Demand Scanning: cale=en_US&searchid=1361743648837



    McShield.exe and Scan32.exe behavior

        To reduce memory usage in VSE 8.8, the On-Access Scanner (mcshield.exe) uses the instance of the DAT files and Engine already loaded in memory. As a result, when an On-Demand Scan (scan32.exe) is launched, it uses the McShield.exe process. For this reason, you may observe higher than expected CPU usage by the mcshield.exe process.


        NOTE: This does not mean that the On-Demand Scanner (ODS) and On-Access Scanner (OAS) are scanning the same file.

    . . .

    Overview of On-Demand scan system resources utilization:

    • Windows Priority Control
      The ODS uses the Windows Priority Control setting for the scan process. This allows the operating system (OS) to set the amount of CPU that the On-Demand Scanner receives at any point in the scan process. If other applications are launched and need resources, the OS takes CPU time away from Scan32.exe and assigns it to the other applications. When the other applications no longer require as much CPU, the OS gives CPU time back to Scan32.exe.
          The System Utilization setting in the On-Demand Scan Properties maps to Windows Priority Control according to the following table:


      Low10% CPU
      Below Normal20%-50% CPU
      Normal60%-100% CPU





    I hope this is helpful,

    Ron Metzger

More Like This

  • Retrieving data ...

Bookmarked By (1)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points