I was reading a lot since the last weeks and did finda lot of useful hints here. First of all thanks for that!
Now I run into my first problem for which I do notfind any solution.
Since two days we experience the problems with high CPUload and also full disks.
We have a cluster of two 5500 appliances running onVersion 184.108.40.206.0 (14242). SSL scanning is (at present) not enabled.
On one of the machine’s the CPU load increases fromthe normal load (about 15 to 20%) within two hours up to 100%. The CPU loadstays that high and the disk starts to fill up within the next 8 hour also to100% in the directory /dev/mapper/vg00-opt.
After a reboot the problem is solved for maybe 30 minutes, then it starts again. Sometimes on the same node as before, sometimeson the other one. When I check the loadof the 24cores with top (-1) then I see all cores are working at nearly 100%. So it should not be single scan process. Inever did happen on both nodes at the same time.
I did already sent a feedback file yesterdayto our support company and they forwarded it to McAffe (I have been told), butunfortunately no feedback until now.
Maybe one of guys does have any idea what thiscould be?
Any help is really appreciated!!
How many threads do you have configured for AV scanning? The value might be too high. Check your advanced settings.
See this topic: https://community.mcafee.com/message/243797
Message was edited by: cscoup8 on 3/13/13 8:34:09 PM CDT
I'm not sure how much liberty you have for testing but I'd be curious to know if this problem persists if you were to temporarily change the anti-malware ruleset so that it does not scan in embedded objects. Could it be that a user or process is downloading a type of archive that has multiple layers of compression and expands to an extremely large size?
It seems that a misconfigured Linux server was causing the problem. The server did open more than 80 connections to the webgateway in parallel and was starting then downloading.iso files from an ftp server. I blocked this traffic and now everything went back to normal.
This feedback was sent by McAfee support (thanks!). Anybody an idea how to find this issue by myself next time? Other than doing a netstat on console?
Thanks again for your support!