Once a day when mcafee 8.7i gets its new dat file the on access demand will peg the processor to 100%. I started to notice this after the 8.7 upgrade and is most common on my terminal servers.
Any thoughts would be great.
Thanks
We also face the same problem on vSphere 4 but most common on an IIS webserver. Initially the problem didn't occur after rolling out VirusScan 8.7 until patch 1. However.... an upgrade to patch 2 and demote to patch 0 didn't solve the problem. I have an open case at both VMware and Network Associates but don't have a solution yet.
A customer has the same problem, the have 8.7i. When McAfee updates some VM's freezes for some minutes (100% CPU). We have opened a case at Network Associates. After some testing with patches, the problem is still the same.They told they customer that the problem does not occurs on physical servers, so the problem lies in the VMware environment and closed the case! McAfee support sucks real!.
I suppose it's related to McAffee settings - after receiving new definitions it starts quick rescan.
Not sure if you can disable it, but try to find such settings.
---
MCSA, MCTS, VCP, VMware vExpert '2009
This is a common issue with Mcaffee, it is very resource intensive and one of the reasons That I do not recommend it to my clients for terminal Services and virtual environments. The scan process always spikes CPU at 100% and the only way I have found to mitigate it is with products such as AppSense Application Manager or RES Powerfuse.
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth VCP / vExpert
VMware Communities User Moderator
Blog: www.planetvm.net
Contributing author on "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://www.amazon.co.uk/VMware-VSphere-Virtual-Infrastructure-Security/dp/0137158009/ref=sr_1_1?ie=UTF8&s=books&qid=1256146240&sr=1-1]”. Currently available on roughcuts
Thanx for all the replies. I have not been able to find any setting to disable a rescan after receiving new definitions. I'm not supprised the problem is common with McAfee. What surprises me is we never faced the problem before upgrading tot VirusScan 8.7. The best workaround we found is to give the VM's a second CPU. McAfee still uses a lot of CPU during the update, however the machines remains available. Can't believe this is the only "solution" for the problem. Still have to find courage to contact McAfee again since the closed the previous call whithout solving the problem
We currently are using the work around of having the download done after hours. Then we don't care if it spikes.
Long term though I am pushing the security team into using a Vshield Mcafee appliance.
Is any one else done this or is looking into it?
Hi - interesting topic.
I'm fimilar with the vShield/zones concepts - Are McAfee looking to provide some sort of plugin/appliance that you mention? If I reading this right that would mean the local GOS a/v scanner could be uninstalled?
thanks,
Neil
Anyone have any updates to this? We are seeing something similar as well.