Understanding the On-Demand Scan system resource utilization
Technical Articles ID:   KB55145
Last Modified:  4/4/2018


Environment

McAfee VirusScan Enterprise (VSE) 8.x
McAfee Endpoint Security Threat Prevention (ENSTP) 10.x

Summary

Recent updates to this article:

Date: April 4, 2018
Update: Multiple updates to include references to ENS and make the article more generic to cover both VSE and ENS.

In the latest McAfee products, the On-Demand Scanner (ODS) uses Windows Priority Control. The ODS System Utilization setting does not set a static percentage of CPU utilization or threshold for the amount of CPU used to perform an On-Demand Scan. Instead, the operating system manages the amount of CPU resources that the ODS receives at any point in the scan process.

The System Utilization option in the Performance tab for the On-Demand Scan maps to Windows Priority Control. The logic used by Windows Priority Control keeps the CPU as busy as possible performing useful tasks. Windows Priority Control prioritizes CPU utilization to complete specific tasks in the shortest time possible, based on priority. Tasks must be prioritized to determine how available system resources are allocated.

A core component of Windows Priority Control is the System Scheduler. The System Scheduler uses a Multilevel Feedback Queue algorithm to check the priority and the length of time required to complete a task. Windows Priority Control allocates system resources based on this algorithm. When an On-Demand Scan is set to run at Below Normal, it does not take CPU time from programs that run at Normal priority. If set to Idle, it does not take CPU time from any other task or process running at a higher priority.

Why does the On-Demand Scan use up to 100 percent CPU when the task is set to a System Utilization of Low?
When an On-Demand scan occurs, Windows Priority Control will allocate CPU time to the On-Demand Scanner. How Windows Priority Control allocates CPU is based on the Scheduling Priority for the running task. The Task priority of the On-Demand Scan can be set in the On-Demand Scan Task or Policy under Performance > System Utilization.

The following Microsoft article explains how Windows Priority Control works: https://msdn.microsoft.com/en-us/library/windows/desktop/ms685100(v=vs.85).aspx

NOTES:
  • This does not apply to archive files if archive scanning is enabled.
  • For VSE 8.7i, the throttle does not apply to scan targets that are not files, such as the registry or memory. This is improved in VSE 8.8 and ENS.
To view the priority of a Task
  1. Press CTRL+ALT+DEL, then select Task Manager.
  2. In the Processes tab, right-click the process and highlight Set Priority.
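
The same check can be scripted. The following is an added example, not McAfee code: it samples the scanning process's base priority and its share of total CPU over time, so you can see a low-priority scan using idle CPU while its priority class stays unchanged. The function name, parameters and interval are assumptions; McShield.exe is the process this article names for VSE 8.8 and ENS. It requires PowerShell 3.0 or later.

```powershell
# Added example: sample a process's base priority and its share of total CPU.
# McShield.exe is the process the article names for VSE 8.8 / ENS; the
# function name, parameters and sampling interval are assumptions.
function Measure-ScanProcessCpu {
    param(
        [string]$ProcessName = 'McShield.exe',
        [int]$Samples = 10,
        [int]$IntervalSeconds = 5
    )
    # Base priority values Windows reports for each priority class.
    $classByBase = @{ 4 = 'Idle'; 6 = 'Below Normal'; 8 = 'Normal'
                      10 = 'Above Normal'; 13 = 'High'; 24 = 'Realtime' }
    $cores  = [Environment]::ProcessorCount
    $filter = "Name = '$ProcessName'"

    $prev = Get-CimInstance Win32_Process -Filter $filter | Select-Object -First 1
    if (-not $prev) { Write-Warning "$ProcessName is not running."; return }
    $prevTime = Get-Date

    for ($i = 0; $i -lt $Samples; $i++) {
        Start-Sleep -Seconds $IntervalSeconds
        $cur = Get-CimInstance Win32_Process -Filter $filter |
               Where-Object ProcessId -eq $prev.ProcessId
        if (-not $cur) { Write-Warning "$ProcessName exited."; return }
        $now = Get-Date

        # KernelModeTime and UserModeTime are cumulative, in 100 ns units.
        $busy = ($cur.KernelModeTime + $cur.UserModeTime) -
                ($prev.KernelModeTime + $prev.UserModeTime)
        $wall = ($now - $prevTime).Ticks * $cores   # ticks are also 100 ns
        $class = $classByBase[[int]$cur.Priority]
        if (-not $class) { $class = "base $($cur.Priority)" }

        [pscustomobject]@{
            Time          = $now.ToString('HH:mm:ss')
            ProcessId     = $cur.ProcessId
            PriorityClass = $class
            CpuPercent    = [math]::Round(100 * $busy / $wall, 1)
        }
        $prev = $cur; $prevTime = $now
    }
}

Measure-ScanProcessCpu
```

CpuPercent is measured against all logical processors, so 100 means every core was busy with this process for the whole interval. Run it once on an otherwise idle system and once under load to compare.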

On-Demand Scan tasks in VSE 8.7i might use larger amounts of system resources than expected
NOTE: The total system utilization is a combination of CPU utilization and I/O throughput - it cannot be determined by CPU utilization alone.

The threshold value specified for the scan task is only enforced during scanning. The threshold value does not apply to the initial estimation phase of the scan, when VSE determines the amount of system resources available, and can subsequently limit itself to the value specified.

The value obtained during the estimation phase becomes the baseline for the System Utilization setting in the task properties. The On-Demand Scanner then checks its system utilization periodically to ensure that it is at the baseline threshold. If the scanner cannot reach the desired threshold after multiple attempts, it assumes that other resource-intensive tasks have commenced on the system, and lowers its threshold target. The scanner lowers this target further if the target remains unattainable.

The On-Demand Scanner increases its system utilization up to the originally determined baseline if it can do so. This behavior continues until the scan task is complete or the allotted time for the scan task is reached.

Lower priority tasks can cause temporary spikes in CPU utilization when other tasks with a higher priority request CPU resources. This can be attributed to Priority Inversion.

For more information, see: http://msdn.microsoft.com/library/ms684831(v=VS.85).aspx.
NOTE: In VSE 8.8 and ENS, the McShield.exe process performs most of the work for on-demand scanning. You can expect to see increased CPU activity from this process when an On-Demand Scan is in progress.

Solution

Make the following adjustments to the ODS settings to improve performance, as required:
  • For Best Practice for VSE and ENS On-Demand Scans, see KB74059
  • Enable scan cache. For assistance, see the VSE 8.8 Product Guide (PD22941).
  • Configure a daily, targeted ODS for risky locations.
  • Configure a complete ODS to run once a week.
  • Configure exclusions in ODS tasks where required, such as on an Exchange server.
Part of the above advice has been extracted from another article, KB85299 - FAQs about McShield.exe and high CPU utilization when running On-Demand Scans.

Previous Document ID

9197288

Disclaimer

The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Affected Products


VirusScan Enterprise 8.8
