Can you give a bit more details about that application? Does it use archives files? What happens if you set the application process as a low risk? Any exclusion can be made?
Can you please set that process as a low risk and test?
If the issue continues you should run the McAfee profiler and needs to be investigated what can be excluded or set in VSE for better performance.
How do I obtain Profiler?
You must first sign in to the ServicePortal (https://support.mcafee.com), click the Tools tab and expand System Repair and Diagnostics Tools, then click McAfee Profiler.
Thank you for suggestion,
We are investigation as per you suggestion, If any changes are done in registry at the time of On-Access enable or any registry Keys and values are blocked?
Kindly please clarify my doubt.
first of all make sure every recommended Exclusion is set properly in low risk and standard policy. there are several documents for Micrososft products that might come handy but for Workstations the policys should contain at least the following advices (from Microsoft): http://support.microsoft.com/kb/822158/en-us
McAfee itself recommends for their own products exclusions as well as the follwoing ones are for the McAfee Agent itself:
Low Risk Policy
Now you should check what Jose Maria did mention: Try to identify the most intensive processes and clarify wether or not they could be excluded in future. Is there a SQL Databse in Background working or an oracle database? Is this process processed locally or is this some kind of Network connection and we are talking about a Terminalserverconnection (so there could be made an entry in ScriptScan Exclusion section)?
Are there Archives in the Background which will be opend and scanned? And if nothing helps and you have the time to do testing: Download Procmon, monitor and save the whole workprocess and open a SR for further analysis so that at least McAfee can help you (and add the procmon log plus a MER).
As for your Question regarding blocking registry keys and other sysinternals: That depends on how your acess protections policy is configured. For normal it shouldn´t block but if you have issues in changing and can trace it down to McAfee Virusscan the possibility is given, that one of your own policys is blocking the changes.
PS: This may be handy as well: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22940/en_US/vse_880_best_practic…
Hello Jose Maria,
This issue does not occur with the process as a low risk, but this is temporary.Because “Low-Risk processes” option become disabled after a period of time.
This might be caused by the McAfee policy which is controlled by our IT system.
That is ePolicy Orcehstrator. Then you should speak to your IT System person and set the same setting into ePO. But it is great to know that the issue is resolved when setting the process under low risk
For any other question you know where I am
Thank you Jose Maria,
Please tell me what i do for “Low-Risk processes” option enabled permanently ,Kindly explain in briefly?
Your IT person should go in ePO to VirusScan Policies and then select the policy that need to be modified (the one that you are using at the moment) then click on the name of the policy to be modified.
It will ope the Settings for the policy and you need to include the process on it in the same way that you do in your local console.
Then he needs to enforce the policy (wake up agent)
This should work.
Please let me know if you have any problema or question