3 Replies Latest reply on Jun 15, 2017 1:07 PM by creese40

    EPS 10.1 Security Component Hostig Server mfetp.exe

    ssantiago

      Hi anyone else have this issue with EPS 10.1?

       

      Theres a process called Security Component Hosting Server that uses a lot of CPU resources like 70%-80 percent.

        • 1. Re: EPS 10.1 Security Component Hostig Server mfetp.exe
          mikhailk

          The same issue happed to me. I had network issue and connection was unstable which caused breaks when McAfee mfetp.exe tried to update policies and it went into infinite loop and occupied 100% of CPU. Only rebooting the system helped for a while. After I fixed connection issues I haven't seen this issue any more.

          So there is definitely a bug in mfetp.exe or in one of its component, I saw 2 types of errors in the logs from mfetp.exe and from MaSpb.dll.

          UPD: still an issue, no one knows how to resolve it, the only one remedy for now - rebooting system each time it happens.

          1 of 1 people found this helpful
          • 2. Re: EPS 10.1 Security Component Hostig Server mfetp.exe
            not_john_mcafee

            This same thing happened soon after we deployed the TIE component. In the ThreatIntelligence_Debug log I can see that after installation of TIE for ES 10.1, a TIE scan started in observe mode. The scan took several hours on a WIN10 computer with an i7 and 8GB ram.

             

            From ThreatIntelligence_Debug.log

            03/10/2016 12:59:12.527 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.000s to report SERVICE_START_PENDING

            03/10/2016 12:59:12.568 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Starting service...

            03/10/2016 12:59:12.572 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.045s to report SERVICE_RUNNING

            03/10/2016 12:59:12.683 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.156s to BLFrameworkInit()

            03/10/2016 12:59:12.687 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Debug: Took 0.003s to initialize BL Server

            03/10/2016 12:59:12.820 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Loading TIE component...

            .

            .

            .

            03/10/2016 12:59:29.851 PM   mfetie(8012.16076) <SYSTEM> TieService.mfetie.Activity: Service started successfully

            03/10/2016 12:59:30.329 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded Enabled state from registry - 1

            03/10/2016 12:59:30.330 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded ObserveModeEnabled state from registry - 1

            03/10/2016 12:59:30.330 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded BlockLevel state from registry - 30

            03/10/2016 12:59:30.331 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded BlockEnabled state from registry - 1

            03/10/2016 12:59:30.331 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded CleanLevel state from registry - 1

            03/10/2016 12:59:30.332 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: Loaded CleanEnabled state from registry - 1

            03/10/2016 12:59:30.334 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//promptEnabled

            03/10/2016 12:59:30.336 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//promptLevel

            03/10/2016 12:59:30.341 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned Medium for property businessObject//securityPosture

            03/10/2016 12:59:30.344 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//useGTI

            03/10/2016 12:59:30.346 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned default, true, for property /businessObject//telemetry

            03/10/2016 12:59:30.349 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//atdEnabled

            03/10/2016 12:59:30.351 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 5 for property /businessObject//atdFileSizeLimit

            03/10/2016 12:59:30.353 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//atdLevel

            03/10/2016 12:59:30.356 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/enabledRules

            03/10/2016 12:59:30.359 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/disabledRules

            03/10/2016 12:59:30.361 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getStringProperty returned (null) for property /businessObject/evaluatedRules

            03/10/2016 12:59:30.363 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//EP_BO_TECHNOLOGY_ENABLE

            03/10/2016 12:59:30.365 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//observeModeEnabled

            03/10/2016 12:59:30.367 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//blockEnabled

            03/10/2016 12:59:30.369 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 30 for property /businessObject//blockLevel

            03/10/2016 12:59:30.370 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned true for property /businessObject//repairEnabled

            03/10/2016 12:59:30.372 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 1 for property /businessObject//repairLevel

            03/10/2016 12:59:30.374 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getBoolProperty returned false for property /businessObject//promptEnabled

            03/10/2016 12:59:30.376 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: getInt32Property returned 50 for property /businessObject//promptLevel

            03/10/2016 12:59:30.377 PM   mfetie(8012.5496) <SYSTEM> TieHooks.TieHooks.Debug: returned from setConfig

            03/10/2016 12:59:31.679 PM   mfetie(8012.7340) <SYSTEM> TieHooks.TieHooks.Debug: Observe Mode - Object :: C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll  Reputation :: 99   Reaction ::   Allow   Time :: 1.285382

            .

            .

            .

            03/10/2016 03:45:41.703 PM   mfetie(8012.6944) <SYSTEM> TieHooks.TieHooks.Debug: Observe Mode - Object :: C:\Windows\System32\ploptin.dll  Reputation :: 99   Reaction ::   Allow   Time :: 0.001393

            1 of 1 people found this helpful
            • 3. Re: EPS 10.1 Security Component Hostig Server mfetp.exe
              creese40

              I'm dealing with this issue right now. CPU spiking

               

              McAfee Firewall Business Object Hosting server using 51% of CPU