High CPU Caused by CoreServiceShell

29/7/2015 HighCPUcausedbyCoreServiceShell.exeinWorryFreeBusinessSecurity

http://esupport.trendmicro.com/solution/enUS/1059182.aspx 1/7

TheWFBSagent'santivirusandantispywarerealtimescan,scansfilesformaliciouscodeastheyareaccessedorcreated.

Whensomeprogramscreateormodifyfilesrapidly,theSecurityAgentmayusealotofresourceverifyingthelegitimacyofallfileaccesses.Withthecurrentdefaultsettings,theSecurityAgentwillexcludethefoldersfrequentlymodifiedbytheseprograms:

WorryFreeBusinessSecurityServer

MicrosoftExchange2000/2003/2007/2010

ActiveDirectoryDomainServices(WindowsServerRole)

Note:ThesesettingscanbemodifiedintheSecurityServer'swebconsole,underthePreferences>GlobalSettings>Desktop/Serversection.

SomeprogramsorOperatingSystemfeaturesdonothavedefaultoptionsinWFBStoexcludefoldersandfilesfromrealtimescan.Ifyouencounterperformanceissuesrunningoneoftheseprograms,youcanmodifytheSecuritySettingsintheSecurityServer'swebconsole.

Important:Thesesecuritysettingswillreducetheprotectiononyourcomputer.Forpubliclyavailableservers,pleasereviewthesesettingsandthenatureoftheservicesbeforeapplyingthesesettings.

BusinessSupport(/enus/business/default.aspx)

MENU

PreventhighCPUusagecausedbyscanningofprogramsaccessinglargeamountsoffilesSolutionID:1059182

LastUpdated:Feb.20,201411:03AM(PST)

MOREDETAILS

SUMMARY

DETAILS

Toresolvetheissue,dothefollowing:

1. LogontotheWFBSconsole.

2. GotoSecuritySettings>Group>Configure.

3. Checkifyouhavethefollowingprogramsandthenexcludethespecifiedfolders,files,orextensions:
http://esupport.trendmicro.com/en-us/business/default.aspx



Outlook:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:

.PST

WindowsUpdateStore:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\Windows\SoftwareDistribution\Datastore

WindowsSoftwareUpdateServices(WSUS)Server:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

:\MSSQL$WSUS

:\WSUS

:\WsusDatabase

DHCPServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\Windows\system32\dhcp

DNSServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\Windows\system32\dns

WINSServer(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\Windows\system32\wins

PrintandDocumentServices(WindowsServerRole):GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\Windows\system32\Spool\

RemoteStorageServiceGotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\windows\system32\ntmsdata

POP3ConnectorinWindowsSmallBusinessServer(SBS)2003:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectory:

C:\ProgramFiles\MicrosoftWindowsSmallBusinessServer\Networking\POP3\FailedMail

C:\ProgramFiles\MicrosoftWindowsSmallBusinessServer\Networking\POP3\Incomingmail

InternetInformationServices(IIS)6.0orWebServerroleonWindowsServer2003:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:



C:\inetpub\wwwrootNote:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.

C:\Windows\system32\LogFilesNote:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.

C:\windows\IISTemporaryCompressedFiles

InternetInformationServices(IIS)7.0orWebServerroleonWindowsServer2008:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\inetpub\wwwroot\Note:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.

C:\inetpub\logs\Note:ThismaydependonyourIISconfiguration.Youmightneedmultiplefolderswhenmultiplewebsitesareconfigured.

C:\inetpub\temp\IISTemporaryCompressedFiles

MicrosoftSQLServer:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

\*\OLAP\Data

\*\OLAP\Backup

\*\OLAP\Log

GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingextensions:

.MDF

.LDF

.NDF

.BAK

.TRN

MicrosoftSQLServerFailoverCluster:Note:Theistheaccountthatthespecificaccountisrunningforclusterservice.

GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

:\

C:\windows\cluster



ForWindows2003only:C:\DocumentsandSettings\\LocalSettings\Temp\

ForWindows2008only:C:\Users\\AppData\Local\Temp

SharePointPortalServer:Note:TheistheaccountthatthespecificaccountisrunningforSharePointservices

GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\ProgramFiles\SharePointPortalServer

C:\ProgramFiles\CommonFiles\MicrosoftShared\WebStorageSystem

C:\ProgramFiles\CommonFiles\MicrosoftShared\WebServiceExtensions

C:\ProgramFiles\CommonFiles\MicrosoftShared\WebServerExtensions

C:\ProgramFiles\MicrosoftOfficeServers

C:\Windows\Temp\Frontpagetempdir

C:\Windows\Temp\WebTempDir

ForWindows2003only:

C:\DocumentsandSettings\AllUsers\ApplicationData\Microsoft\SharePoint\Config

C:\DocumentsandSettings\\LocalSettings\ApplicationData

C:\DocumentsandSettings\\LocalSettings\Temp\

C:\DocumentsandSettings\DefaultUser\LocalSettings\Temp

ForWindows2008only:

C:\Users\\Local

C:\Users\\Local\Temp

C:\Users\Default\AppData\Local\Temp

C:\ProgramData\Microsoft\SharePoint\Config

For32bitplatforms:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\TemporaryASP.NETFiles

C:\Windows\system32\LogFiles

For64bitplatforms:

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\TemporaryASP.NETFiles



C:\Windows\Syswow64\LogFiles

InternetSecurityandAccelerationServer(ISA)Server:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\ProgramFiles\MicrosoftISAServer\ISALogs

C:\ProgramFiles\MicrosoftSQLServer\MSSQL$MSFW\Data

MicrosoftOperationsManagerServer(MOM)2005:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\DocumentsandSettings\AllUsers\ApplicationData\Microsoft\MicrosoftOperationsManager

C:\ProgramFiles\MicrosoftOperationsManager2005

HyperVGotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

C:\ProgramData\Microsoft\Windows\HyperV

C:\Users\Public\Documents\HyperV\VirtualHardDisks

C:\ProgramData\ProgramData\Microsoft\Windows\HyperV\Snapshots

ForWindows2008R2only:C:\ClusterStorage


.AVHD

.ISO

.VFD

.VHD

.VSV

.XML

VMWareproducts:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:


.VMDK



.VMEM

Citrixproducts:GotoAntivirus/Antispyware>Target>Donotscanfileswiththefollowingdirectories:

Theroamingprofilesfolderonthefileserver>


.LOG

.DAT

.TMP

.POL

.PF

ToenhancetheperformanceonWindowsVista/2008/7,youcangotothePreferences>GlobalSettings>Desktop/ServerintheWFBSconsoleandchecktheExcludeShadowCopysectionsoption.

Didthisarticlehelpyou? Yes No

RELATEDARTICLES

TechnicalSupport:WorryFreeBusinessSecurity8.0(http://esupport.trendmicro.com/enus/business/pages/technicalsupport/worryfreebusinesssecurity80support.aspx)

ContactSupport

(/enus/business/pages/contactsupport.aspx)

DownloadCenter

(http://downloadcenter.trendmicro.com/)

ProductDocumentation

(http://docs.trendmicro.com/enus/home.aspx)

SupportPolicies

(/enus/business/pages/supportpolicies.aspx)

ProductVulnerability

(/enus/business/pages/vulnerability

response.aspx)

Feedback

BusinessSupportHome(/enus/business/default.aspx) LegalPolicies&Privacy(http://www.trendmicro.com/us/aboutus/legalpolicies/index.html) SiteMap(/enus/business/sitemap.aspx)
http://esupport.trendmicro.com/en-us/business/sitemap.aspxhttp://docs.trendmicro.com/en-us/home.aspxhttp://downloadcenter.trendmicro.com/http://esupport.trendmicro.com/en-us/business/pages/support-policies.aspxhttp://esupport.trendmicro.com/en-us/business/pages/vulnerability-response.aspxhttp://esupport.trendmicro.com/en-us/business/pages/technical-support/worry-free-business-security-8-0-support.aspxhttp://www.trendmicro.com/us/about-us/legal-policies/index.htmlhttp://esupport.trendmicro.com/en-us/business/default.aspxhttp://esupport.trendmicro.com/en-us/business/pages/contact-support.aspx