The home products don't work on servers. Can you please identify which McAfee product and then I will move the thread accordingly.
Sorry, I am running McAfee Enterprise 8.7.
OK, moved from Home to Business > VSE for better attention. Good luck ;-)
Is there a reason to stay on 8.7i?
If possible, you should upgrade the systems to 8.8 + Patch 2 + Hotfix 778101.
Establishing your baseline as the "latest and greatest" is always a good start.
I would like to upgrade; however, due to work compliance, I cannot at this time. I am wondering if there is a registry setting that could be causing the slowdown? But Wireshark shows it trying to reach a website which it can't do. How would I turn that off if that is the case? Thanks.
VSE 8.7 only has one process that would be interested in network traffic, and that's FrameworkService.exe (which actually belongs to our Updater component).
If it cannot reach the internet (or an internal ePO server) then VSE will not be able to update.
If you have identified a different process responsible for the traffic, which process - and where was the traffic going?
We've seen in the past some LDAP activity, which we inherited by using Microsoft cryptographic APIs - but that's a problem we've solved in 8.8.
Anything else and I'd question whether it's malware or not. Being on 8.7i you don't have a lot of protection against current malware threats, i.e. the product protections could be circumvented.
You haven't shown though that the network traffic is directly tied to the unresponsiveness of the device. So I wouldn't mention that unless you're certain that's where the issue is. Instead, I'd be wanting to cast a wider net - such as using XPerf or PerfMon - to demonstrate where CPU cycles are going, or what Windows aspect is being heavily utilized. From there, use the appropriate tool to further inspect that Windows aspect... is it the NIC, disk I/O, memory, CPU, etc.
Can you post the pcap?
Run Procmon or Process Explorer, or you can use the McAfee Profiler.