Loading...

Knowledge Center


System issues when the Maximum Security setting option 'Processes On Enable' is enabled
Technical Articles ID:   KB81818
Last Modified:  5/5/2014
Rated:


Environment

McAfee VirusScan Enterprise (VSE) 8.8

For details of VSE 8.x supported environments, see KB51111.

Summary

The real-time scanner for VSE is equipped with a feature that allows scanning of memory, referred to in the User Interface (UI) as Processes On Enable. This causes the scanner to scan the memory of running processes as soon as it has initialized, any time it reinitializes, and anytime a new process is started

While advantageous from a security perspective, this feature inherits a performance hit and sometimes a compatibility side effect that not all environments will be able to tolerate. In previous releases of VSE, this feature was enabled by default, but improvements to that technology for how thorough it performs its work caused McAfee to rebrand it as a Maximum Security setting. This means it installs as Enabled only if you have selected to install the product with the Maximum Security default setting (this setting can be enabled post installation).

Problem

Memory pages of running processes get paged to disk.

Example:
Oracle, SQL, or other critical applications that need to be memory-resident continually, will have their process address space paged to disk when scan Processes On Enable kicks in, because it causes the memory pages of other processes that are running (but not currently loaded in memory) to become memory-resident; therefore, Windows facilitates the action by paging the now 'unused' process' address space to disk. Systems with ample RAM will be less prone to this symptom, but there is no guarantee of being free from it, because memory management is an inherent behavior of the Microsoft Operating system.

Problem

A process (or application) crashes whenever the McShield service is started, or following a DAT update.

Similar to the previous problem, some processes may be very sensitive to their memory address space being paged to disk. If an element of code accesses a memory address that is no longer present, or now invalid, the application may not be tolerant of the impending fault and the system or application will become unresponsive.

Problem

System performance may be noticeably slower following a DAT signature update.

System Change

Processes On Enable was enabled in the On Access Scanner properties.

Solution

If you incur one or more of the problems listed in this article, disable the Processes On Enable setting.

IMPORTANT: If you disable this option, a systems restart is required.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.