Knowledge Center

Understanding the VirusScan Enterprise On-Demand Scan system resource utilization
Technical Articles ID:   KB55145
Last Modified:  7/25/2017


McAfee VirusScan Enterprise (VSE) 8.x


The VSE 8.x On-Demand Scanner (ODS) uses Windows Priority Control. The ODS System Utilization setting does not set a static percentage of CPU utilization or threshold for the amount of CPU used to perform an On-Demand Scan. Instead, the operating system manages the amount of CPU resources that the ODS receives at any point in the scan process.

The System Utilization option in the Performance tab for the On-Demand Scan maps to Windows Priority Control. The logic used by Windows Priority Control keeps the CPU as busy as possible performing useful tasks. Windows Priority Control prioritizes CPU utilization to complete specific tasks in the shortest time possible, based on priority. Tasks must be prioritized to determine how available system resources are allocated. 

A core component of Windows Priority Control is the System Scheduler. The System Scheduler uses a Multilevel Feedback Queue algorithm to check the Priority and the length of time required to complete a task. Windows Priority Control allocates system resources based on this algorithm. When an On-Demand Scan is set to run at (Below Normal), it will not take CPU time from programs that run at Normal priority. If set to (idle), it will not take CPU from any other Task or Process running at a higher priority.

Why does McShield use up to 100 percent CPU when scan32.exe\scan64.exe is set to a System Utilization of Idle? 
When an On-Demand Scan occurs during times when the CPU is idle, Windows Priority Control will allocate the CPU resources for use by the On-Demand Scanner. Because there are no higher priority tasks, all the CPU is allocated to the task that is running. To help quantify the CPU time seen as "Idle," you can view the System Idle Process in Task Manager.

  • This does not apply to archive files if archive scanning is enabled.
  • For VSE 8.7i, the throttle does not apply to scan targets that are not files, such as the registry or memory. This is improved in VSE 8.8 and later.
To view the priority of a Task
  1. Press CTRL+ALT+DEL, then select Task Manager.
  2. In the Processes tab, right-click the process and highlight Set Priority.
On-Demand Scan tasks in VSE 8.7i might use larger amounts of system resources than expected
NOTE: The total system utilization is a combination of CPU utilization and I/O throughput - it cannot be determined by CPU utilization alone.
The threshold value specified for the scan task is only enforced during scanning. The threshold value does not apply to the initial estimation phase of the scan, when VSE determines the amount of system resources available, and can subsequently limit itself to the value specified.
The value obtained during the estimation phase becomes the baseline for the System Utilization setting in the task properties. The On-Demand Scanner then checks its system utilization periodically to ensure that it is at the baseline threshold. If the scanner cannot reach the desired threshold after multiple attempts, it assumes that other resource-intensive tasks have commenced on the system lowers its threshold target. The scanner will lower this target further if the target continues to be unattainable.

The On-Demand Scanner will increase its system utilization up to the originally determined baseline if it is able to do so. This behavior continues until the scan task is complete or the allotted time for the scan task is reached.

Lower priority tasks can cause temporary spikes in CPU utilization when other tasks with a higher priority request CPU resources. This can be attributed to Priority Inversion.

For more information, see: http://msdn.microsoft.com/library/ms684831(v=VS.85).aspx.
NOTE: In VSE 8.8, the majority of work for On-Demand scanning is performed by the McShield.exe process. You can expect to see increased CPU activity from this process when an On-Demand Scan is in progress.


Make the following adjustments to ODS settings to improve performance, as required:
  • Best Practice for VSE On-Demand Scans, see KB74059
  • Enable scan cache. For assistance refer to the VSE 8.8 Product Guide (PD22941).
  • Configure a daily, targeted ODS for risky locations.
  • Configure a complete ODS to run once a week.
  • Configure exclusions in ODS tasks where required, such as on an Exchange server.
Part of the above advice has been extracted from another article, KB85299 - FAQs about McShield.exe and high CPU utilization when running On-Demand scans.

Previous Document ID



The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Affected Products

VirusScan Enterprise 8.8

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.