I know that this product is new and I’m not sure how many people are running/Evaluating the package other than us, but I have a question. We installed the DSS Software Asset Management peice yesterday morning and it’s been running for a about a day now, but now today, I’ve been getting some reports from user saying that thier system performance is slow and that when they look at thier task manager, it is showing SAMscanner.exe taking up 100% of the CPU. I check several machines and I don’t see it and I’m wondering if it might have anything to do with our McAfee scanning it while it’s doing the “Search for All Executables” action that we have running.
Has anyone else seen this, can I make some modifaction to tell it to only use X amount of CPU?
What we would expect is that the SAMScanner uses a decent amount of CPU, but usually will finish quickly… It sounds like something is wrong because the SAMScanner it is usually disk bound and doesn’t reach full CPU.
One note is that we recommend that you only run software asset management scans during off-peak hours to avoid users being affected…
How long does it take to run? I think on average on our systems it takes less than 2 minutes… If you turn off your AV, does the problem go away?
I’m in the process of doing some test, so I will get you some more info as soon as I can. One thing that I did notice is that the “Uninstall DSS SAM Scanner” does not remove the “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\DSS\SAM” registry key so if i uninstall the scanner and reinstall it, my system never becomes relevent for the “Search for all Executables” task because I get a false on relevances 3 “not exists key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\DSS\SAM” whose (value “ScannerStatus” of it = “Started”) of registry”. I have to remove the registry key before I reinstall. This probably isn’t a big deal in most cases, but i wanted to apply the “Search for all Executables” task to my system only and change the timing so I could see what was going on.
I stopped the "“Search for all Executables” action that I had running.
Uninstalled the SAMScanner from my system.
re-installed the SAMscanner to my system.
applied the “Search for all Executables” task to my system only using the task defaults.
The SAMScanner.exe process ran for about 20 minutes and the highest CPU I saw was 24 %. The other thing that I saw was that my Mcsheild.exe (McAfee On-Access Scanner) was also running high about 50% CPU so the two together were taking up a lot of CPU. I think that part of our problem is the fact that as the SAMscanner is going out and touching each .EXE file, the on-Access is check each file for a possible virus.
Test 2
I stopped the "“Search for all Executables” action that I had running.
Uninstalled the SAMScanner from my system.
re-installed the SAMscanner to my system.
Turned off McAfee On-Access scan
applied the “Search for all Executables” task to my system only using the task defaults.
The SAMScanner.exe process ran for about 8 minutes and the highest CPU I saw was still about 24 % and the highest I saw the totla CPU usage go to was about 40 %.
So the problem looks to be the way the two processes play together. Now since it is against company policy to turn off On-Access scanning, do you guys have any ideas as to waht we can do?
The SAMScanner.exe’s job is to look at all the exe data on the system and get some info about them (name, path, version, etc.)… I think that really bothers the McAfee Agent who wants to look at everything the SAMScanner.exe is doing, which takes McAfee a lot of time/CPU work, which makes the process slower and use more CPU… I agree that the simple way to solve it is to tell McAfee to exclude SAMScanner.exe for real-time access.
I’ve added the SAMScanner.exe to the exclusion list, but I get the same performace problem. If I watch the On-Access Scann Statistics in McAfee, I see last file scanes shows one .exe file after another. So it looks to me, that because SAMScanner.exe is touching/openning/Accessing/reading each .EXE file to get information out of it, it’s causing the On-Access scan to check it for a virus.
It sounds like your exclusion is not working properly… The SAMScanner appears to be doing its job by checking all the exes to determine which application they are running, but McAfee seems to not be allowing it to work without spiking the CPU…
I feel somewhat guilty about saying this because when looking at a software conflict, it is always easier to blame the other company, but based on the work you have done, it seems to me that your McAfee exclusions are just not working… I think you might need to ask them about it…
I was starting to think the same thing myself!! I was going to call them, but just haven’t gotten the chance. I do that and let everyone know what I find out.
Not to hijack Marty’s thread, but we are getting to run an eval of the Asset Management product. Your note about scheduling scans for off hours sounds great, but we are a global company, with endpoints all over the globe. If we scheduled scans during off hours, we would miss many laptops that are offline, and also many workstations in locales where systems are powered off at night to save power costs.
Any other ideas on scan times versus system performance during scans. My users (many developers) are pretty savvy, and are definitely going to notice and complain about anything that slows down their systems unnecessarily.