KBox Patch detection causes high CPU usage
Hi,
The KACE tech support group recommended posting this here for feedback from KBox users.
Does anyone else use a KBox to deploy patches and also have McAfee Total Protection for Small Business (a.k.a. Sonicwall Network Antivirus)?
Whenever a patch detection is run on our clients, the CPU usage climbs to 100% on single-core systems, and about 25% on quad-core systems, for the duration of the detection. Single-core systems will bog down so much they are unusable during the detection process.
I tried adding the KACE agent program directory to the exclusion list, but it hasn't made a difference thus far. I have tested disabling all the extra features (heuristic scanning and such), to no avail.
Has anyone else experienced this and figured out a solution or work around?
Thanks,
djz
The KACE tech support group recommended posting this here for feedback from KBox users.
Does anyone else use a KBox to deploy patches and also have McAfee Total Protection for Small Business (a.k.a. Sonicwall Network Antivirus)?
Whenever a patch detection is run on our clients, the CPU usage climbs to 100% on single-core systems, and about 25% on quad-core systems, for the duration of the detection. Single-core systems will bog down so much they are unusable during the detection process.
I tried adding the KACE agent program directory to the exclusion list, but it hasn't made a difference thus far. I have tested disabling all the extra features (heuristic scanning and such), to no avail.
Has anyone else experienced this and figured out a solution or work around?
Thanks,
djz
0 Comments
[ + ] Show comments
Answers (10)
Please log in to answer
Posted by:
TrAsHeR
12 years ago
I'm resurrecting an old post, any development with this problem? Here's my findings.
Test environment:
Windows XP SP3 32bits with
- McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8.0.777
Scan engine version (32 bits): 5400.1158
- McAfee SiteAdvisor Enterprise Plus 3.0.0.638
- System Compliance Profiler 2.0.0.189
- McAfee Agent 4.6.0.2292
During detecting phase, it's svchost.exe process that's taking high CPU usage. It's often reaching 100% usage on single core system, 50% on dual core, 25% on quad core and so on. Maybe it's just programmed to take all % CPU usage available when it should be better if they set a cap around 75%.
I found something interesting...the svchost.exe timeframe is around 45sec and then after that it's mcshield.exe for about 30sec (sometimes it could be long as svchost.exe at 45sec). I saw this problem on both single core and dual core system using McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8.0.777.
After updating the AV to 8.8.0.849, the problem was gone on dual core system but still present on single core system.
So I opened a ticket on KACE support to see if they could provide me an AV exclusion list. It could help.
Posted by:
airwolf
14 years ago
I don't use the security patching portion of the KBOX (we still use WSUS), but I remember hearing that the KBOX agent uses the Windows Update Agent to detect patches. Do your systems hang if you attempt to update from windowsupdate.microsoft.com?
Posted by:
zookdj
14 years ago
Thanks for the reply. We had used SCE (which uses Windows Update/Automatic Updates service on the client) to deploy patches before the KBox, and that never caused significant issues like this. Some times people with slower systems could tell when updates were being detected or applied, but with the KBox agent the detection process made the system unusable. For example, when I looked at it, I would wait about 2-3 minutes after pressing Ctrl+Shift+Esc before the Task Manager program would appear.
Note that, so far, only older systems are completely unusable during the detection process. Perhaps there is a minimum system requirement for the KBox Agent?
Note that, so far, only older systems are completely unusable during the detection process. Perhaps there is a minimum system requirement for the KBox Agent?
Posted by:
airwolf
14 years ago
Here are the agent system requirements from the KBOX Admin Guide:
System Requirements for KBOX Agents
System requirements to install the KBOX Agent are:
Windows:
- Vista (32-bit and 64-bit)
- Windows 2003 (32-bit and 64-bit)
- Windows XP (32-bit and 64-bit)
- Windows 2000 (32-bit)
- Microsoft Windows Server 2008 (32-bit and 64-bit)
All Windows platforms require Microsoft Internet Explorer 5.01 or greater and Microsoft .NET Framework
1.1/2.0, 90 MHz or faster processor, and 128 MB RAM & 10MB free disk space (minimum).
Microsoft Windows KBOX agents of version 3.0 or later will work with .NET Framework 2.0.
Linux:
- Red Hat Enterprise Linux (RHEL) 3, 4, and 5 (32-bit)
Macintosh®:
- Mac OS X v10.6 Intel and PowerPC (aka Snow Leopard; your KBOX 1000 Series appliance supports the pre-release version and will support the final version when it ships).
- Mac OS X 10.5 Intel and PowerPC
- Mac OS X 10.4 Intel and PowerPC
Posted by:
zookdj
14 years ago
Thanks.
I'm double-checking the McAfee Total Protection system requirements next and comparing them to the known problem systems.
Anyone else using McAfee for your A/V?
I'm double-checking the McAfee Total Protection system requirements next and comparing them to the known problem systems.
Anyone else using McAfee for your A/V?
Posted by:
airwolf
14 years ago
We use McAfee Total Protection, but we use the Enterprise versions. We haven't had any issues with KBOX Agent vs. McAfee AV/AS/HIPS/EPO.
Posted by:
zookdj
14 years ago
I found this
Installation Guide which only mentions that, for Windows XP, the system should have at least 512 MB of RAM, with 1 GB recommended. The system that had the worst trouble has 1 GB of RAM and a 2.4 Ghz P4 processor.
If anyone else is running McAfee and using the KBox for patch detection, please post a message here.
Installation Guide which only mentions that, for Windows XP, the system should have at least 512 MB of RAM, with 1 GB recommended. The system that had the worst trouble has 1 GB of RAM and a 2.4 Ghz P4 processor.
If anyone else is running McAfee and using the KBox for patch detection, please post a message here.
Posted by:
zookdj
14 years ago
Thanks Airwolf.
Did you make any configuration changes to McAfee when you deployed the KBox agent?
Did you make any configuration changes to McAfee when you deployed the KBox agent?
Posted by:
airwolf
14 years ago
No, but it could definitely be a configuration issue with McAfee. We've had issues in the past with other applications butting heads with McAfee AV. It can be difficult to track down the issue though... Have you tried disabling McAfee completely and running the KBOX updates? This would at least tell you if it's an issue with the machine/KBOX agent or something related to McAfee.
Posted by:
zookdj
14 years ago
Yes, if MAV real-time scanning is disabled the system isn't so slow, although it still has higher than usual CPU usage, but I suppose that is to be expected when doing a patch detection.
It only becomes unusable when both the real-time scanning (mcshield.exe) and the patch detection are both on.
For right now I'm planning on working around the issue by running the patch detection early in the morning, after the system is automatically booted and before the users are expected to arrive.
It only becomes unusable when both the real-time scanning (mcshield.exe) and the patch detection are both on.
For right now I'm planning on working around the issue by running the patch detection early in the morning, after the system is automatically booted and before the users are expected to arrive.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.