Loading...

Knowledge Center


Understanding the VirusScan Enterprise On-Demand Scan system resource utilization
Technical Articles ID:  KB55145
Last Modified:  09/17/2012
Rated:


Environment

McAfee VirusScan Enterprise 8.8
McAfee VirusScan Enterprise 8.7i
 

Summary

From VirusScan Enterprise (VSE) 8.7i Patch 1, the On-Demand Scanner (ODS) uses Windows Priority Control. The ODS System Utilization setting does not set a static percentage of CPU utilization or threshold for the amount of CPU used to perform an On-Demand Scan. Instead, the operating system manages the amount of CPU resources that the ODS receives at any point in the scan process.

The table below shows how the System Utilization setting in the ODS properties maps to Windows Priority Control: 
 
Utilization Priority
10% Idle
20% - 50% Below Normal
60% - 100% Normal

The logic used by Windows Priority Control is to keep the CPU as busy as possible performing useful tasks. A simple explanation of how Windows Priority Control determines CPU utilization is that it attempts to complete specific tasks in the shortest time possible, based on priority. Tasks must be prioritized to determine how available system resources are allocated. 

A core component of Windows Priority Control is the System Scheduler. The System Scheduler uses a Multilevel Feedback Queue algorithm to check the Priority and the length of time required to complete a task. Based on the algorithm, Windows Priority Control allocates system resources. 
 
When an On-Demand Scan is set to run at 20% - 50% (Below Normal), it will not take CPU time from programs that run at Normal priority. If set to 10% (idle), it will not take CPU from any other Task or Process running at a higher priority.


Why does scan32.exe use up to 100 percent CPU even when set to 10 percent (Idle)?
This is because the On-Demand Scan occurs during times when the CPU is idle. Windows Priority Control performs higher priority tasks first, then allocates all available resources when no other tasks are running.

NOTES:
  • This does not apply to archive files if archive scanning is enabled.
  • For VSE 8.7i and earlier, the throttle does not apply to scan targets that are not files, such as the registry or memory. This is improved in VSE 8.8 and later.
     
To view the priority of a Task
  1. Press CTRL+ALT+DEL, then select Task Manager.
  2. In the Processes tab, right-click the process and highlight Set Priority.
 
On-Demand Scan tasks in VSE 8.7i and earlier might use larger amounts of system resources than expected

NOTE:
The total system utilization is a combination of CPU utilization and I/O throughput - it cannot be determined by CPU utilization alone.
 
The threshold value specified for the scan task is only enforced during scanning. The threshold value does not apply to the initial estimation phase of the scan, when VSE determines the amount of system resources available, and can subsequently limit itself to the value specified.
 
The value obtained during the estimation phase becomes the baseline for the System Utilization setting in the task properties. The On-Demand Scanner then checks its system utilization periodically to ensure that it is at the baseline threshold. If the scanner cannot reach the desired threshold after multiple attempts, it assumes that other resource-intensive tasks have commenced on the system lowers its threshold target. The scanner will lower this target further if the target continues to be unattainable.

The On-Demand Scanner will increase its system utilization up to the originally determined baseline if it is able to do so. This behavior continues until the scan task is complete or the allotted time for the scan task is reached.

Lower priority tasks can cause temporary spikes in CPU utilization when other tasks with a higher priority request CPU resources. This can be attributed to Priority Inversion.

For more information, see: http://msdn.microsoft.com/library/ms684831(v=VS.85).aspx.
 
NOTE: In VSE 8.8, the majority of work for On-Demand scanning is performed by the McShield.exe process. You can expect to see increased CPU activity from this process when an On-Demand Scan is in progress.

Previous Document ID

9197288

Rate this document

Did this article resolve your issue?

Please provide any comments below

Glossary of Technical Terms


Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.
United States - English
© 2003-2013 McAfee, Inc.