Solved

Microsoft Forefront

Posted on 2013-06-12
3
718 Views
Last Modified: 2013-11-22
Hello, I need some help.
I have Microsoft forefront on my network workstations as my antivirus. Two of my workstation are continuously being scanned causing the cpu usage to spike which causes decrease in the workstations' performance. My other workstations run a quick scan once a day early in the morning and a full scan once a week. But 2 of these stations are always non stop in scan mode. Any idea what is causing this and how to fix it. No infections are ever found. What can I look for to fix this.
-thank you-
0
Comment
Question by:MrMay
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39243253
I amy even want to test if scan per file will stop - rightfully it should just to make sure the engine is alright. I suspecting the scehduler though...we can also stop all scan and try the commandline approach to see if this loop exist still.  There is means to schedule thru commandline too.

http://www.chris-mohan.com/2009/05/forcing-av-scans-for-the-command-line-in-forefront/
http://blogs.technet.com/b/kfalde/archive/2008/10/23/how-to-add-extra-scheduled-scans-or-definition-updates-for-fcs.aspx

In particular, usage of MpCmdRun.exe -Trace indicates that it traces all levels and all groups. There is log file generated which can help us to see where or hints of hanging... ... probably event log has error hints too
http://it.toolbox.com/blogs/it-pro-secure/forefront-client-security-using-the-log-files-from-the-forefront-client-security-agent-sp1for-analysis-31107

i was thinking if it is catch up scan initially but seems its scan was never been stopped - meaning the machine is shut down before or "missed" the scheduled scan etc.
http://blogs.technet.com/b/fcsnerds/archive/2009/06/18/understanding-catch-up-scans.aspx

I was looking at sort of file scanned that be causing loop, maybe
http://support.microsoft.com/kb/939361
0
 
LVL 38

Expert Comment

by:younghv
ID: 39339058
I've requested that this question be closed as follows:

Accepted answer: 500 points for breadtan's comment #a39243253

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now