Solved

McShield.exe and McTray.exe high processor utilization

Posted on 2009-04-08
10
4,557 Views
Last Modified: 2013-12-09
We recently upgraded to McAfee VirusScan 8.7 and have noticed an increasing number of machines that have McShield.exe and McTray.exe utilizing almost all of the processor.  A reboot usually fixes the problem but it seems that random events trigger these processes to jump up so high.
There is not a scheduled scan or any McAfee tasks running when the processes spike and it seems the only way to stop them is to kill the processes or reboot.

We are running ePolicy Orchestrator management console 3.6.1 Patch4.  The workstation agent version we are running is 4.0.0.1345.

Has anyone else experienced similar issues with McAfee VirusScan, particularly 8.7?
0
Comment
Question by:junior049
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 24097929
junior049 - Welcome to EE. I see that you have just started asking questions.
Please keep in mind that you need to respond to comments from the volunteer Experts. One of the most frustrating parts about trying to help here is when we take the time to post a suggestion, but then don't hear back.

With that said - and with the caveat that my ePO days are in the somewhat distant past - are you using the 'throttling' function to control what percentage of the processor that your McAfee client is allowed to use?

The most "ePO current" Expert on the site is legalsrl and he usually monitors the McAfee Zone pretty carefully. Stand by to hear from him and my 3 year old McAfee thoughts whatever consideration they deserve.

0
 

Author Comment

by:junior049
ID: 24098010
Thank you for your response both yesterday and today.  The only reason that it took me so long to respond to you on the other problem was that I was trying to track down the info you requested.  By the time I had tracked down the info, it was late in the evening, time to go home and the problem was no longer occurring.  At that point I decided to call it a day and respond this morning.
I apologize for the delay.
Per your question above, yes, we throttle the processor usage at 30% during scans.  However, the scans are set to run at 2:00am local time.  Also, the process that McAfee uses for a scan is scan32.exe.  These McShield.exe and McTray.exe processes are spiking at random intervals when there are not any tasks scheduled.
0
 
LVL 38

Expert Comment

by:younghv
ID: 24098372
I don't like posting links to other forums, but I think this is being discussed on McAfee (http://forums.mcafeehelp.com/showthread.php?s=23b668e996f117ef1cf63d612865ee7f&t=222427&page=5)

I'm going to drop a note to legalsrl, because I am in over my head and don't like to guess about solutions.

I'll monitor this, but only to learn what Si has to say.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:junior049
ID: 24098577
Thanks for the link.  It may be worth opening a case with McAfee.  I know there is currently not a publicly released hotfix for 8.7 yet but according to that forum you can sometimes get a hotfix from McAfee directly from support.
0
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 24100203
Evening all,

Vic, thanks for the link

Junior, you're seeing exactly what everyone saw when 8.5 came out

We would see sudden VSTaskMGR spikes, normally at about 5pm.

I would contact Gold Support at your earliest opportunity.  I'd be interested to know the outcome as this looks very similar to the problem that the early adopters had with 8.5

Cheers
Si
0
 

Author Comment

by:junior049
ID: 24115094
I have an open case with Gold Support.  They referred me to KB50981.  Also, they mentioined a hotfix for 8.7 will be released on 4/17/09.  I will update with more info as I have it.  Thanks for the suggestions thus far.
0
 

Author Comment

by:junior049
ID: 24487746
Sorry for the long delay but McAfee Gold Support was previously unable to provide me any relief to this problem.  They have been planning the release of a patch for 8.7i that is supposed to fix performance issues.  It went RTW last night and we have applied to a handful of our more troublesome machines.  I will update again in a day or two with the results from our testing.

Interesting side note about McAfee support:
About a week before the patch was scheduled for release, one McAfee technician actually suggested that I disable the On-Access scanner for all affected machines until the patch was released.  Pretty bad when McAfee techs are telling you to disable the real-time scanner to fix the problem.  I love dealing with tech support!
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24502737
Thanks for the update, sorry it took me a while to post back, but I was on holiday

I'm really surprised that McAfee haven't learnt from the EXACT same problem that we had in 8.5, but hey ho.....

Let me know if the patch works for you....

Cheers
Si
0
 

Author Comment

by:junior049
ID: 24607574
The patch seems to have resolved this issue.  However, McAfee recently removed the patch from their website because it caused another bug on Vista machines.  No problem for us since we are on XP.
Still seems like very buggy software.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24609936
Junior049,

Did any of the suggestions from the experts help you resolve your issue ?

If so, I would suggest that you accept their comment as it would have been the expert's answer that provided you with your solution

Also, that way it gets lodged in the knowledgebase so that anyone else with your problem now knows to contact McAfee Gold Support

Either way, a mod will review this

Cheers
Si
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question