locked
Slow performance for Windows XP SP3 FCS clients RRS feed

  • Question

  • Forefront Client Security has severe performance issues on Windows XP running SP3, and there are no clear remedies to this on the web, in the Forefront docs or on Technet outside of either disabling the real-time scanner or ditching FCS altogether. We are a Microsoft Gold Partner and actually would like to sell and implement FCS to our clients, but we can't in good faith do that knowing that there will be numerous performance bottlenecks throughout their company. A client isn't going to want us to tell them that their new AV solution that we sold them is such a CPU hog that it literally requires them to replace all their workstations with PCs loaded with 64-bit Vista with 4 GBs of RAM just to run the way it ran when they were using CA.

    MsMpEng.exe seems to be the culprit (spiking to 80-100% CPU usage all the time), but I'm sure MOMService.exe, MOMHost.exe and MSASCui.exe aren't helping matters either. Has anyone come up with any solutions to tweaking performance on FCS that doesn't involve removing it and installing AVG instead?

    Thursday, January 29, 2009 3:53 PM

Answers

  • The above needs further investigation and we have a huge number of customers including Microsoft itself using FCS in business critical servers and workstations. MsMpEng.exe may consume %100 CPU during a full/quick scan and this is expected as a large amount of IO needs to be performed. If when FCS is idle, not performing a scan, you get %100 CPU then CSS will investigate this, will let you know why it happens and also prove to you that it is not reproducible on all the systems where it is supported and can be installed. As you are a Gold Partner, do open a case with us with your findings and you will get details and an explanation to what you're experiencing. I assure that the above generalization is not technically correct and a definitive answer will surely exist.


    Oguzhan Filizlibay | Security Escalation Engineer | Microsoft EMEA CSS Security
    Thursday, October 1, 2009 11:36 PM

All replies

  • Hey KTMrris

    To know more about this can you send me the detailed log file. You can find the detailed log file  at the below location abd can send me to my email id montyj@microsoft.com

     c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Support\MPLOG*(some file which starts with MPLOG) (This is if you have win xp)

    On the side note this can also happen if you have other AV product installed  togather with FCS

     

    thanks

    Monty 


    Monty Jain
    Friday, January 30, 2009 6:38 AM
  • Has there been any findings here?

    Jim
    Monday, September 21, 2009 12:48 PM
  • The above needs further investigation and we have a huge number of customers including Microsoft itself using FCS in business critical servers and workstations. MsMpEng.exe may consume %100 CPU during a full/quick scan and this is expected as a large amount of IO needs to be performed. If when FCS is idle, not performing a scan, you get %100 CPU then CSS will investigate this, will let you know why it happens and also prove to you that it is not reproducible on all the systems where it is supported and can be installed. As you are a Gold Partner, do open a case with us with your findings and you will get details and an explanation to what you're experiencing. I assure that the above generalization is not technically correct and a definitive answer will surely exist.


    Oguzhan Filizlibay | Security Escalation Engineer | Microsoft EMEA CSS Security
    Thursday, October 1, 2009 11:36 PM