1 Reply Latest reply: Feb 24, 2013 4:26 PM by rmetzger RSS

    McAfee 8.8 patch 1 and 2  on-demand-scan using mcshield


      hi all,


      we have some users complain about high CPU usage during the scheduled scan ( on-demand-scan ) I check the machines and I found that the mcshield cursing the high CPU usage


      mcshield belong to on-access-scan


      Scan64.exe or scan32.exe belong to on-demand-scan



      strange !!!! 



      why mcshield runing and cursing the high CPU usage during on-demand-scan ?????!!!!!!




      any help



      thanks in advance

        • 1. Re: McAfee 8.8 patch 1 and 2  on-demand-scan using mcshield

          Hi notime,


          VSE v8.8 now consolidates scanning by using McShield to actually scan. This reduces replicated code and resources associated with each process. So Scan32 and Scan64 calls McShield to actually scan, thus if On-Access Scan does not replicated that which the On-Demand Scan is already requesting.


          Additionally, if performance is suffering, a couple of causes that need to be checked:

          1) Is the ODS checking over the network or is a network resource getting scanned?

          2) Is the ODS checking archives (.zip, .7z, .cab, etc.)?


          Either of these would cause substantial cpu usage, which is not directly controlled by McAfee software as these are handled by third party software.


          I would review the 8.8 Best Practices Guide: https://kc.mcafee.com/corporate/index?page=content&id=PD22940


          Finally, Best Practices Guide for On-Demand Scanning:

          https://kc.mcafee.com/corporate/index?page=content&id=KB74059&actp=search&viewlo cale=en_US&searchid=1361743648837



          McShield.exe and Scan32.exe behavior

              To reduce memory usage in VSE 8.8, the On-Access Scanner (mcshield.exe) uses the instance of the DAT files and Engine already loaded in memory. As a result, when an On-Demand Scan (scan32.exe) is launched, it uses the McShield.exe process. For this reason, you may observe higher than expected CPU usage by the mcshield.exe process.


              NOTE: This does not mean that the On-Demand Scanner (ODS) and On-Access Scanner (OAS) are scanning the same file.

          . . .

          Overview of On-Demand scan system resources utilization:

          • Windows Priority Control
            The ODS uses the Windows Priority Control setting for the scan process. This allows the operating system (OS) to set the amount of CPU that the On-Demand Scanner receives at any point in the scan process. If other applications are launched and need resources, the OS takes CPU time away from Scan32.exe and assigns it to the other applications. When the other applications no longer require as much CPU, the OS gives CPU time back to Scan32.exe.
                The System Utilization setting in the On-Demand Scan Properties maps to Windows Priority Control according to the following table:


            Low10% CPU
            Below Normal20%-50% CPU
            Normal60%-100% CPU





          I hope this is helpful,

          Ron Metzger