We had something very similar here but was only evident after installing Patch 6. After going through the information ProTip for VirusScan Enterprise: Troubleshooting On-Demand Scan Performance with VSE 8.8 Patch 5 and 6
We made the changes and all back to normal. CPU usage around 25-27% during a full disk scan .
I've just found another thread dating back to 2012 and they were still having this issue back then, on Patch 1 or 2... We are on Patch 6 and still experiencing this issue.
Regarding the ProTip document that you linked, system utilisation is already set to 'Low' and the other options aren't viable for us, as virus protection and computer and data integrity is paramount for us. (Wouldn't be very good if a zip folder containing malicious code, macros or viruses was skipped by McAfee and then ended up compromising our security, would it)
Is it possible that there was some form of .dat definition update on the day that this happened, which caused it to require more computer power to scan and update?
Hello Anthony, In answer to your first question is no this is not the normal. Here are a few things to keep in mind. If your managing via ePO, what time of day did they experience it? Staggered, 5pm or another time
Can you share what kind of shooting you might have attempted. For the purposes of shooting on client, disable access protection and measure, re-enable and disable on access scanner and measure. What were your results?
In a very similar setup except I have Patch 7 for Mcafee 8.8 (22.214.171.1248) I was getting this exact same thing. I noticed MACOMPATSVC.EXE getting blocked right before it happened via the AP rule seen below. Once I added this to the exception it went away. I tired called Mcafee support and have a case but they have not responded to it since 3/15 after daily status update inquiries. Mcafee support seems to have taken a break recently. Check your AP logs on those machines to see if something that should be happening for Mcafee is being blocked by Mcafee.
3/14/2016 8:54:02 AM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\PROGRAM FILES\MCAFEE\AGENT\X86\MACOMPATSVC.EXE HKLM\SOFTWARE\WOW6432NODE\MCAFEE\SYSTEMCORE\VSCORE\ON ACCESS SCANNER\MCSHIELD\CONFIGURATION\DEFAULT\ Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write