cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 31 of 38
‎12-03-2014 06:24 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

Thanks. What is your advice for the scenario of upgrading servers 8.8 P4 from their current version? We are planning to do an uninstall of the current version of VSE followed by an install of 8.8 P4. Many of our servers are running VSE 8.7i Patch5 plus hotfixes and due to Engine EOL we have to get those on a subversion of 8.8. Is there less risk in going to 8.8 P2 plus HFs than 8.8 P4? We are forced to P3 (or P4) for Server 2012 and P4 for 2012 R2. We'd much rather use one standard version for all servers and workstations.

Eventually we are hopeful McAfee will have a sufficiently stable version of VSE across all platforms. P4 was touted to be that but I am skeptical, based on my research. I am really hoping McAfee makes P5 good and stable for corporate customers.

0 Kudos
Reply
wwarren
Employee
Employee
Report Inappropriate Content
Message 32 of 38
‎12-03-2014 11:49 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution 

What is your advice for the scenario of upgrading servers 8.8 P4 from their current version? We are planning to do an uninstall of the current version of VSE followed by an install of 8.8 P4

Yeah, it's a decent plan.


Is there less risk in going to 8.8 P2 plus HFs than 8.8 P4?

8.8 P2 + HF778101, followed by a reboot: that incurs less "ongoing risk" in my opinion than 8.8 P4. But as you note, Patch 4 is needed to support newer operating systems.

The issues with Patch 4 are solved in Patch 5; so that is what I'd recommend. And it's more attractive because it's one package to install.

Since that's not available yet, going with Patch 4, the Known Issues article points to workarounds where applicable, and the BSOD issue (KB81529) is solved - as is the issue originally posted for this thread - with the HF929019 mentioned earlier.

Be it Patch 4 + HF929019 or Patch 5, work should be done to validate the code in the environment for reasons cited earlier, being mindful of:

KB83123, Compatibility issue with third-party "hooking" applications when SYSCore 15.3 is installed, and
KB83215, Known Issues - VirusScan Enterprise 8.8 Hotfix 929019 for Patch 4

And maybe this too:

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 33 of 38
‎12-04-2014 07:58 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

HF929019 fixes the BSOD issue (KB81529) and the high CPU load for network from this original thread? That would be great! I just received HF929019 but its release notes state only the following:

This hotfix is intended only for environments that use McAfee Threat Intelligence Exchange and VirusScan Enterprise 8.8 Patch 4. For these environments, this hotfix is mandatory. See KnowledgeBase article KB51560 for information on ratings.

New features

This hotfix provides support for Threat Intelligence Exchange. You must install this hotfix before installing the Threat Intelligence Exchange module for VirusScan Enterprise

This hotfix includes a new release of VSCAN.bof version 693.

This hotfix upgrades VSCore version 15.3, which introduces new drivers and new services and processes.

There isn't mention of it fixing KB81529.

I never heard of the Threat Intelligence Exchange module. Does it matter that we don't use it - in regards to installing this hotfix? Is it going to add that TIE functionality and somehow affect the way VSE works? Or will it sit idle because it is not being used?

As well, I cannot find reference to KB83215 , Known Issues - VirusScan Enterprise 8.8 Hotfix 929019 for Patch 4. Where do I find that?

I would be thrilled if this HF resolves the BSOD issue!

Just want to check out what you mentioned.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 34 of 38
‎12-04-2014 08:05 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

Rgijsen,

You said the POC patch fixed the high CPU issue. Did you confirm that HF929019 also fixed it? From one POC patch I received from McAfee, it is a nasty thing to deploy, whereas a HF is a nice, simple package.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 35 of 38
‎01-08-2015 12:01 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

Hi All,

Just as a workaround i have done the below steps,

1 Disabled the Access protection

2 Rename mfewfpk.sys (take a backup first) which is located in c:\windows\system32\drivers\

3 Enable the access protection.

4 Reboot the OS

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 36 of 38
‎01-26-2015 06:29 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

I have similar issues since removing Sophos and installing VSE 8.8 P4 on Windows servers running Commvault for backups. Disabling MFEWFPK.SYS helped but removed protection on port blocking rules. I was advised by support to try HF929019 to replace the network drivers associated with VSE. After testing HF929019 on a few development servers, I noticed that a few no longer reported VSE and the agent log stated that 'Update failed to version 1263'. To completely fix, VSE has to be reinstalled. My case has been escalated by PS. 

0 Kudos
Reply
rgijsen
Level 8
Report Inappropriate Content
Message 37 of 38
‎03-02-2015 06:21 AM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

Hi, it's been a while but time to give you all an update. A week ago, after a lot of thinking, after tests we rolled out HF929019 through ePO on all servers in our environment. So far we have experienced no issues at all and the performance increase is notable from users perspective In addition the overall CPU load on our Hyper-V environment is lowered by impressive margins during peak-hours. So to be short, so far I am pretty pleased with the hotfix and it solved the performance issues we were having.

0 Kudos
Reply
wwarren
Employee
Employee
Report Inappropriate Content
Message 38 of 38
‎03-02-2015 02:15 PM

Re: VSE 8.8 p4 - High CPU load on network traffic even if all McAfee services disabled

Jump to solution

That's good to hear.

But, for my own sanity, I wanted to make sure you've seen this article on HF929019:  https://kc.mcafee.com/agent/index?page=content&id=KB83215

It lists known issues with that hotfix. In particular I hope your tests are not invalid due to KB83808.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC