Upload
dimkirk
View
14
Download
2
Embed Size (px)
DESCRIPTION
Instructions
Citation preview
29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 1/7
TheWFBSagent'santivirusandantispywarerealtimescan,scansfilesformaliciouscodeastheyareaccessedorcreated.
Whensomeprogramscreateormodifyfilesrapidly,theSecurityAgentmayusealotofresourceverifyingthelegitimacyofallfileaccesses.Withthecurrentdefaultsettings,theSecurityAgentwillexcludethefoldersfrequentlymodifiedbytheseprograms:
WorryFreeBusinessSecurityServer
MicrosoftExchange2000/2003/2007/2010
ActiveDirectoryDomainServices(WindowsServerRole)
Note:ThesesettingscanbemodifiedintheSecurityServer'swebconsole,underthePreferences>GlobalSettings>Desktop/Serversection.
SomeprogramsorOperatingSystemfeaturesdonothavedefaultoptionsinWFBStoexcludefoldersandfilesfromrealtimescan.Ifyouencounterperformanceissuesrunningoneoftheseprograms,youcanmodifytheSecuritySettingsintheSecurityServer'swebconsole.
Important:Thesesecuritysettingswillreducetheprotectiononyourcomputer.Forpubliclyavailableservers,pleasereviewthesesettingsandthenatureoftheservicesbeforeapplyingthesesettings.
BusinessSupport(/enus/business/default.aspx)
MENU
PreventhighCPUusagecausedbyscanningofprogramsaccessinglargeamountsoffilesSolutionID:1059182
LastUpdated:Feb.20,201411:03AM(PST)
MOREDETAILS
SUMMARY
DETAILS
Toresolvetheissue,dothefollowing:
1. LogontotheWFBSconsole.
2. GotoSecuritySettings>Group>Configure.
3. Checkifyouhavethefollowingprogramsandthenexcludethespecifiedfolders,files,orextensions:
http://esupport.trendmicro.com/en-us/business/default.aspx29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 2/7
Outlook:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:
.PST
WindowsUpdateStore:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\Windows\SoftwareDistribution\Datastore
WindowsSoftwareUpdateServices(WSUS)Server:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
:\MSSQL$WSUS
:\WSUS
:\WsusDatabase
DHCPServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\Windows\system32\dhcp
DNSServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\Windows\system32\dns
WINSServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\Windows\system32\wins
PrintandDocumentServices(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\Windows\system32\Spool\
RemoteStorageServiceGotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\windows\system32\ntmsdata
POP3ConnectorinWindowsSmallBusinessServer(SBS)2003:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectory:
C:\ProgramFiles\MicrosoftWindowsSmallBusinessServer\Networking\POP3\FailedMail
C:\ProgramFiles\MicrosoftWindowsSmallBusinessServer\Networking\POP3\Incomingmail
InternetInformationServices(IIS)6.0orWebServerroleonWindowsServer2003:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 3/7
C:\inetpub\wwwrootNote:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.
C:\Windows\system32\LogFilesNote:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.
C:\windows\IISTemporaryCompressedFiles
InternetInformationServices(IIS)7.0orWebServerroleonWindowsServer2008:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\inetpub\wwwroot\Note:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.
C:\inetpub\logs\Note:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.
C:\inetpub\temp\IISTemporaryCompressedFiles
MicrosoftSQLServer:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
\*\OLAP\Data
\*\OLAP\Backup
\*\OLAP\Log
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:
.MDF
.LDF
.NDF
.BAK
.TRN
MicrosoftSQLServerFailoverCluster:Note:Theistheaccountthatthespecificaccountisrunningforclusterservice.
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
:\
C:\windows\cluster
29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 4/7
ForWindows2003only:C:\DocumentsandSettings\\LocalSettings\Temp\
ForWindows2008only:C:\Users\\AppData\Local\Temp
SharePointPortalServer:Note:TheistheaccountthatthespecificaccountisrunningforSharePointservices
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\ProgramFiles\SharePointPortalServer
C:\ProgramFiles\CommonFiles\MicrosoftShared\WebStorageSystem
C:\ProgramFiles\CommonFiles\MicrosoftShared\WebServiceExtensions
C:\ProgramFiles\CommonFiles\MicrosoftShared\WebServerExtensions
C:\ProgramFiles\MicrosoftOfficeServers
C:\Windows\Temp\Frontpagetempdir
C:\Windows\Temp\WebTempDir
ForWindows2003only:
C:\DocumentsandSettings\AllUsers\ApplicationData\Microsoft\SharePoint\Config
C:\DocumentsandSettings\\LocalSettings\ApplicationData
C:\DocumentsandSettings\\LocalSettings\Temp\
C:\DocumentsandSettings\DefaultUser\LocalSettings\Temp
ForWindows2008only:
C:\Users\\Local
C:\Users\\Local\Temp
C:\Users\Default\AppData\Local\Temp
C:\ProgramData\Microsoft\SharePoint\Config
For32bitplatforms:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\TemporaryASP.NETFiles
C:\Windows\system32\LogFiles
For64bitplatforms:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\TemporaryASP.NETFiles
29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 5/7
C:\Windows\Syswow64\LogFiles
InternetSecurityandAccelerationServer(ISA)Server:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\ProgramFiles\MicrosoftISAServer\ISALogs
C:\ProgramFiles\MicrosoftSQLServer\MSSQL$MSFW\Data
MicrosoftOperationsManagerServer(MOM)2005:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\DocumentsandSettings\AllUsers\ApplicationData\Microsoft\MicrosoftOperationsManager
C:\ProgramFiles\MicrosoftOperationsManager2005
HyperVGotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
C:\ProgramData\Microsoft\Windows\HyperV
C:\Users\Public\Documents\HyperV\VirtualHardDisks
C:\ProgramData\ProgramData\Microsoft\Windows\HyperV\Snapshots
ForWindows2008R2only:C:\ClusterStorage
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:
.AVHD
.ISO
.VFD
.VHD
.VSV
.XML
VMWareproducts:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:
.VMDK
29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity
http://esupport.trendmicro.com/solution/enUS/1059182.aspx 6/7
.VMEM
Citrixproducts:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:
Theroamingprofilesfolderonthefileserver>
GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:
.LOG
.DAT
.TMP
.POL
.PF
ToenhancetheperformanceonWindowsVista/2008/7,youcangotothePreferences>GlobalSettings>Desktop/ServerintheWFBSconsoleandchecktheExcludeShadowCopysectionsoption.
Didthisarticlehelpyou? Yes No
RELATEDARTICLES
TechnicalSupport:WorryFreeBusinessSecurity8.0(http://esupport.trendmicro.com/enus/business/pages/technicalsupport/worryfreebusinesssecurity80support.aspx)
ContactSupport
(/enus/business/pages/contactsupport.aspx)
DownloadCenter
(http://downloadcenter.trendmicro.com/)
ProductDocumentation
(http://docs.trendmicro.com/enus/home.aspx)
SupportPolicies
(/enus/business/pages/supportpolicies.aspx)
ProductVulnerability
(/enus/business/pages/vulnerability
response.aspx)
Feedback
BusinessSupportHome(/enus/business/default.aspx) LegalPolicies&Privacy(http://www.trendmicro.com/us/aboutus/legalpolicies/index.html) SiteMap(/enus/business/sitemap.aspx)
http://esupport.trendmicro.com/en-us/business/sitemap.aspxhttp://docs.trendmicro.com/en-us/home.aspxhttp://downloadcenter.trendmicro.com/http://esupport.trendmicro.com/en-us/business/pages/support-policies.aspxhttp://esupport.trendmicro.com/en-us/business/pages/vulnerability-response.aspxhttp://esupport.trendmicro.com/en-us/business/pages/technical-support/worry-free-business-security-8-0-support.aspxhttp://www.trendmicro.com/us/about-us/legal-policies/index.htmlhttp://esupport.trendmicro.com/en-us/business/default.aspxhttp://esupport.trendmicro.com/en-us/business/pages/contact-support.aspx