Hi all. Today I would like to bring to your attention an issue we have been seeing lately that very well may effect those of you in a corporate environment. McAfee has recently released information about this issue on their web site.
The issue is that one or multiple servers may become unresponsive or start failing in any of their installed roles. Some of the possible symptoms are:
- · Slow file access
- · Slow read/writes from an application
- · Server unresponsive/hangs
- · Slow SQL Server performance
- · IIS Hangs
- · Inability to connect remotely via RDP
Further investigation may reveal that any number of processes are running high CPU or memory, or all combined are depleting the system of resources. It may not be evident what is causing the issue; just that many processes combined are most likely involved.
This can occur if McAfee Access Protection and Buffer Overflow Protection are installed. There is a known issue where severe performance degradation may occur during the scanning or monitoring of the following processes:
Disabling the services does not actually remove the drivers, so you may see the issue even if you turn off the suspect functionality. The two drivers involved are:
a. MFEAPFK.SYS McAfee, Inc. Access Protection Filter Driver
b. MFEBOPK.SYS McAfee, Inc. Buffer Overflow Protection Driver
Due to the overhead placed on some applications by McAfee Access Protection and Buffer Overflow Protection, McAfee recommends disabling and removing these to resolve performance issues. This hotfix will remove the filter drivers and disable the associated services.
For more info, please see the following articles on McAfee’s web site:
List of Processes Protected by Buffer Overflow Protection
Access Protection and Buffer Overflow Protection drivers remain loaded when disabled
VirusScan Enterprise and Buffer Overflow Protection (Master Article)
Tim Newton with special contribution by John Dickson