2 Replies Latest reply on Apr 19, 2013 4:54 AM by Parachute

    Virusscan 8.8 and rt.jar / jqs.exe

    Parachute

      Hello,

       

      for some time, some customers had problems with high cpu-usage of mcshield.exe.

       

      For example:

      - Starting Win XP

      - Login takes a long time

      - When you start taskmanager, mcshield shows 98/99% cpu-usage

      - OS does not respond good (very slow)

       

      The reason - after doing "some" troublehooting is rt.jar / jqs.exe. Java 7 is installed.

      The on access log does not show anything :-/

       

      After exluding these processes everything works fine.

      Does anyone else have this problem?

       

      I'm not sure, if i opened up the gates to far, because of excludeing these 2 processes.

       

      Any recommendations are very welcome.

       

       

      Regards

      Daniel

        • 1. Re: Virusscan 8.8 and rt.jar / jqs.exe
          wwarren

          You have archive scanning enabled then...

          I'm not sure why you'd want to enable that setting. It has been investigated at length that disabling archive scanning is of little/no consequence. Even so, for those environments that must have it enabled, there are ways to reduce the time needed to scan archives - rather, ways to avoid scanning them.

           

          The simplest of which is to submit your file to McAfee Labs to have it whitelisted in our DATs. As long as your file doesn't change, it won't endure a lengthy scan. Another (which we won't see until patch 4 in September), is making use of our Artemis/GTI technology, to get a quicker response from "the cloud" as to whether the file is "known good" or not - this exists in Patch 3 today but that patch only benefits Win8/Srv2012.

           

          When we release new Engine versions, that too may provide overall improvement to scan times but it's not a guarantee.

          • 2. Re: Virusscan 8.8 and rt.jar / jqs.exe
            Parachute

            You are right - we do scan archives, so that viruses could be detected before extracting/executing or for scheduled jobs, to detect viruses in older files/archives.

            So, if I understand it right, jqs.exe might not be the problem, but rt.jar, because it is handled like an archive?

             

            I'll try disabling it to see the difference

             

            Thank you

            Daniel