Loading...

Knowledge Center


Slow performance with Java-based applications when Endpoint Security or VirusScan Enterprise is installed
Technical Articles ID:   KB58727
Last Modified:  7/19/2018
Rated:


Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee VirusScan Enterprise (VSE) 8.x

Problem

Slow performance occurs with Java-based applications when ENS or VSE is installed.

Cause

Java uses .JAR and .CLASS archive files. ENS/VSE include the ability to scan these archive types for malicious content. Archive scanning requires that each file in the archive be extracted and scanned individually. For large archives or programs that access multiple archives, this can cause slow system performance and an increase in the CPU resources used by the McShield.exe process.

Solution

Disable archive scanning (disabled by default)
NOTE: There is minimal risk when archive scanning is disabled. When an archive is extracted, each file must still be scanned before it is saved.

To disable archive scanning with ENS:
  1. Log on to the ePO console.
  2. Click Menu, Policy, Policy Catalog.
  3. Select Endpoint Security Threat Prevention from the Product drop-down list.
  4. Select On-Access Scan from the Category drop-down list.
  5. Click the name of your policy.
  6. Click Show Advanced.
  7. Deselect Compressed archive files.
To disable archive scanning with VSE:
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Double-click On-Access Scanner.
  3. Click Default Processes or All Processes.
  4. Click Advanced, and then deselect Scan inside archives (e.g. .ZIP).
NOTE: For computers managed by ePolicy Orchestrator (ePO), you must make this change in the On-Access Default Processes Policies for VSE. Click the Advanced tab, deselect Scan inside archives (e.g. .ZIP), and then click Apply. See the ePolicy Orchestrator Product Guide for detailed information on configuring policies in ePO.

Solution

Add Java files to Low Risk processes
Identify the processes of applications writing or reading Java files and create an On-Access Scanner Low Risk process exclusion for them. Disable scanning when writing to or reading from disk. If you are unsure which processes to exclude, use Process Monitor (ProcMon) to find out which processes have the most I/O or archives. Ensure you exclude only safe and trusted processes. For full information and ProcMon downloads, see KB72766.

NOTE: Processes in the High Risk processes policy should never be excluded.

Solution

Exclude files with JAR, CLA, JAV extensions from Default Processes scanning
Exclude by extension only if Java files are accessed by a large number of processes or by processes that should not be added to Low Risk processes.

NOTE: Although it is generally advised not to disable scanning of file types (exclusion by extension) that are accessed by any process, you can exclude these file types if they are known to be safe.

Previous Document ID

KB47723

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.