Why does the McShield has to use all my CPU and Ram capacity? 2

[123456programmer]

Hello everyone.
I was wondering why Mcshield had to use all my memory and cpu capacity as i run internet explorer and kazaa.
When i press Ctrl + Alt + Del (i m on winxp pro) it says that the Mcshield is using approximately 100,000K of the Mem. Is this normal? Is there anyway to make it use less memory than what it actually uses?
thanx in advance.

 

[bfralia]

You didn't say what version of McAfee you are using but I'd say it's highly probably you are using 4.5.1 which is pretty much a resource hog.

If you've got active scan turned on, Kazaa and Internet explorer both generate a LOT of incoming files that could keep McShield pretty busy.

If you're not on VS7E then I'd suggest you upgrade because it's much more resource friendly.

 

[lennarthb]

https://knowledgemap.nai.com/phpclient/homepage.aspx

and fill in: NAI33568 (Sollution ID)

//Lennarth B

 

[ChristopherNash]

I'm having the same issue. But we are using 7.0 and ramdomly I have users saying that their machines are not responding. We are now deploying the newest EPO agent and still are having Mcsheild.exe use 99% of the processor.. Cut it off or end task and things run fine.

 

[HSESupport]

Are you running any SMS inventories on the problem machines?

 

[billybarty]

I am having the same trouble with only a few systems out of 200 that are running epo agent 2.5.1 and TC 6.1.0. I tried the fix in the article above from the mcafee site that was to delete all .evt files from epo\agentdb\event. There were no such files on the affected systems in that location. There were some .evt files in the winnt\system32 folder. How about I delete the system32 folder?

 

[mattmsudawg]

I have found with Enterprise 7.0 that if it is hogging all the resources that it could have been a bad install. I have found computers doing this and I'll uninstall McAfee and the agent (if applicable) and reinstall and everything works great. Hope this helps!!

 

[cazulp]

We have this problem with ePO 2.5.1.252 with McAfee 4.5.1 (Vshwin32 goes to 99%) and McAfee 7.0 (McShield goes to 99%). The difference between the 2 is that with 4.5.1, the PC is still useable. With 7.0, the PC is rendered inoperable. Someone on this Forum already pointed to the event logs as being the problem. After a week of trouble shooting, event logs are indeed the cause. If your PC cannot talk to the ePO server, it creates 2 events every time you Boot or reboot. Depending on how often you have the ePO client trying to communicate, and whether you are online or offline, you can end up getting events very quickly. When event NaiFFFF is created, the process gets stuck, no more events are created and CPU goes to 99%. On a stand-alone PC (W2k) it takes about 18 reboots to get to FFFF. The answer is to get to ePO version 2.5.1.285. Unfortunately this is a server fix that sends the update back to the Client and the stuck FFFF is purged. We have proved that it works with McAfee 4.5.1 and will shortly be testing on McAfee 7.0. We are also creating our own Client update (instead of waiting for connection to the server)and will be testing this shortly. The update in addition to new code also adds a file called evtfiltr.ini.

 

[Lordyboy]

Mcafee have released VirusScan 7.1.0, don't know if that will help but I have been running it for one month and have had no resource issues

 

[mjdes]

I have the same problems and seeing as I am at the 2.5 base install release/engine I obviously to upgrade it.
My problem is FINDING the specific patch to download - whihc in this case is ePO 2.5.1 hotfix 11.

 

[siscokid1]

My windows 2000 is doing the same, I had 4.5 before, and
now 7.0 is doing the same :-(.

Any ideas?

 

[gordonp]

Our shop uses 7.0.0 and 7.1.0 along with ePolicy Orchestrator 3.0.1 Console. This solved our problem of high CPU usuage:

Right-click on the Vshield >> On-Access Scan Properties >> Default Processes >> click radio button "Use different settings for high-risk and low-risk processes" >> a green low-risk processes icon and a red high-risk processes icon should appear >> click green low-risk processes icon >> click "Detection" tab >> change "What to scan" from "All files" to "Default + additional file types" >> Apply >> OK

This can be set in the policies of ePolicy Orchestrator, as well.

*NOTE: we are still in the process of upgrading all of our workstations to 7.1.0. We have not deployed the recently released McAfee Scan Engine Version 4.3.20.

gordonp

 

[f3rrar1az]

Spoke to Mcafee about this exact problem for Enterprise 7.0 with EPO 2.51 but have not deployed 7.1 or EPO 3. However I am pretty sure I have your answer. If you are using EPO 2.5X in conjuction with Mcafee 7.0 the local clients are scanning the C:\EpoAgent folder and getting themselves hung, for lack of a better term. As a result I have added c:\epoagent as an exclude to my epo tree. this pretty much licked the problem right away. Maybe throw in an agent wakeup call to epo and your done in 10 minutes.

as far as the 4.51 clients go they were junk and especially if you are not running them with 4.51 SP1.

 

[meambobbo]

i am having similar problems VS - 7.0.0 v def - 4325 scan - 4.3.20. mcshield, mcupdate, and scan32 (which will lock up unless closing them through task manager) all cause the 96+% CPU usage problem. When I installed VS, it put the folder EPOAgent in c:\, and naimas32 and naimag32 run as processes from startup now, which are in that folder. Also, in that folder is aginst32, which appears to do nothing when ran, but tells me the epo agent is version 2.5.1.252 in properties. Thus, I figured installing patch 13 for this program, which has listed a fix for the bug i am describing would work. Trying to run it tells me "unable to find any qualifying product(s)". epo agent is not listed under add or remove programs in the control panel. I am running winxp pro. WHAT'S THE DEAL?! perhaps, something else is causing this? am i running the patch incorrectly?

 

[mattmsudawg]

The files naimas32, naimag32, and aginst32 are all related to version 2.5 of the agent. If you are using the newer version of the agent these need to be removed. Go to start then run and type C:\EPOAgent\aginst32.exe /remove and it should remove the old version of the agent. Then make sure you have the new version installed in it's default location which is C:\Program Files\Network Associates\Common Framework.

 

[meambobbo]

inside the folder you specified, i have cleanup, cmdagent, frameworkservice, frminst, mcscript, naprdmgr, and updaterUI. All the other files are dll's. Does this sound consistent with being able to remove version 2.5? If so, what should i run to install the "new" version? What version would that entail - 2.5.1 or 3.0?

 

[meambobbo]

here's another piece of info - opening agent (config setting) inside the c:\epoagent folder, contains these two lines:
SoftwareID=ePOAgent2000
Version=22319880
perhaps this is the version installed. agInst32 says version 2.5.1.252, however.

Thanks for the help.

 

[mattmsudawg]

The second list of files you gave are files associated with the 3.0 or 3.01 version of the agent. If I were you I would uninstall everything that has to do with McAfee. Install the newest version of the agent and let ePo push down VirusScan.

 

[meambobbo]

ok, i think i figured it out. the mcafee installer i have from my university installs virusscan 7.0 and epoagent ~2.0; however, it immidiately updates. I believe that installs epoagent 3.0; but leaves the old version on my computer. so i used the aginst32 /remove command to rid that. i think everything works fine now, but i'll keep posted if i start to notice any more problems. i was looking on network associates' site, and decided to download the 3.0 version patch, which i figured would detect if i had this version like the error messages i received from trying to install the 2.5.1 patch. Yet, this patch is supposed to be installed through the epoagent, which i don't even know how to run or what. but i think everything's working fine...

thanks again

 

[dlieder]

My PC using updated XP just started having this same problem. The explanation above that it is the Enterprise server issue doesn't apply here because I am not on a network. McSheild.exe and MskServer.exe are using all the CPU for the first 20 minutes after I boot the computer. Ridiculous.