Feb 24, 2013 2:49 PM
McAfee ePO server 5.0.1
McAfee ePO server 4.6.7
McAfee ePO server 4.6.6
we have some users complain about high CPU usage during the scheduled scan ( on-demand-scan ) I check the machines and I found that the mcshield cursing the high CPU usage
mcshield belong to on-access-scan
Scan64.exe or scan32.exe belong to on-demand-scan
why mcshield runing and cursing the high CPU usage during on-demand-scan ?????!!!!!!
any help thanks in advance
thanks in advance
VSE v8.8 now consolidates scanning by using McShield to actually scan. This reduces replicated code and resources associated with each process. So Scan32 and Scan64 calls McShield to actually scan, thus if On-Access Scan does not replicated that which the On-Demand Scan is already requesting.
Additionally, if performance is suffering, a couple of causes that need to be checked:
1) Is the ODS checking over the network or is a network resource getting scanned?
2) Is the ODS checking archives (.zip, .7z, .cab, etc.)?
Either of these would cause substantial cpu usage, which is not directly controlled by McAfee software as these are handled by third party software.
Finally, Best Practices Guide for On-Demand Scanning:
McShield.exe and Scan32.exe behavior
To reduce memory usage in VSE 8.8, the On-Access Scanner (mcshield.exe) uses the instance of the DAT files and Engine already loaded in memory. As a result, when an On-Demand Scan (scan32.exe) is launched, it uses the McShield.exe process. For this reason, you may observe higher than expected CPU usage by the mcshield.exe process.
NOTE: This does not mean that the On-Demand Scanner (ODS) and On-Access Scanner (OAS) are scanning the same file.
. . .
Overview of On-Demand scan system resources utilization:
|Below Normal||20%-50% CPU|
I hope this is helpful,