i have a server that does a Baseline on deman scan on a sunday during non production hours. the scan lasted 20 mins we then receieved an alert saying that 97% cpu utilization occured on this server. PAtch2 is appplied to this server. i also checked event viewer since this is server 2008 and it showed this at the time of scan as well.
Faulting application name: SCAN64.EXE, version: 126.96.36.1997, time stamp: 0x4d2e0635 which occured at the same time as the scan ended.
we are going back and forth with our desktop secuirty team on it and it is pretty annoying. I think the patch is corrupted. amy insight as to why the CPU would peg out when we dont see this on any other servers with the same setup.
Moved to the VSE sub-forum for better support.
First point to establish and agree on is that High CPU usage of itself is not an issue.
The ODS will use as much CPU as the operating system is willing to give it; note, the OS is the one that decides this, not VSE.
If you have a notification system that alerts when high CPU is occurring from an individual process, it needs to ignore our processes when an ODS runs - else you'll just get false positive alerts.
We'd consider high CPU being problematic if the ODS is configured to run at low or below normal thread priority, and that when the system is being used by higher priority processes that those higher priority processes are not getting the lion share of CPU cycles.
You mentioned a crash though. That's not associated with high CPU; it's a different symptom, different issue. That should be investigated further.
thanks Wwarren good point and i agree with fals positivie but the issue is our systems are montitored for stability becuase they have pertinant applications running so i think other peoples perceptions that the system could crash if the cpu cycles more than it can handle is not justified.
the system did not crash , there was an Error in Event viewer after the scan was complete that shows this:
Faulting application name: SCAN64.EXE, version: 188.8.131.527, time stamp: 0x4d2e0635
Faulting module name: vsodscpl.DLL, version: 184.108.40.2065, time stamp: 0x4fcfdb63
Exception code: 0xc0000005
Fault offset: 0x0000000000023f65
Faulting process id: 0x33d0
Faulting application start time: 0x01cea74a1181356d
Faulting application path: C:\srvapps\McAfee\Ver88i\x64\SCAN64.EXE
Faulting module path: C:\srvapps\McAfee\Ver88i\x64\vsodscpl.DLL
Report Id: ccd37945-133f-11e3-a65e-00237dd0706a
this to me constitutes a corrput file system/ install with Mcafee/ patch 2 or the actual installation of the virus scanner.
Yes, if someone thinks a system will crash because of "too many CPU cycles" they are missing some understanding of how Windows works .
The system did not crash, but the On Demand Scan process (scan64.exe) did crash.
The error in Event viewer shows the details of the crash - an access violation.
If that is a reproducible behavior, we'd very much like to get additional information from you - if you could open a case with Support.
yes i agree with u on that 110% and i cant stress that enough!
they are missing some understanding of how Windows works .
unfortunitly my postion prohibits me from providing more detailed information. we have specific team that is suppose to look at these issue with mcafee and they choose to blame it on other things and or say there isnt an issue its working as constructed. i call BS my first thought that came to me when i saw the 64scan issue is REINSTALL or repair of the file system end of story but nooooooooooo my team has to drag this thru the mud.
the other thing is this server has 24 cores, 46gig of ram no way in hell it would crash with how our application utlizes it, the cpu cycle of 97% was probably on 1 or 2 cores if that.