M100798: Known Problem: MBSA 2.0.x may cause high CPU usage making a machine unusable

Summary

When MBSA 2.0.x is used to apply security policy or generate a security analysis you may see high CPU usage.

Symptoms

  • You have deployed Microsoft Baseline Security Analyser (MBSA) 2.0.x
  • When applying security patches through policy, the managed device becomes almost unusable, with high CPU usage (up to 100%) for a long period of time.

Cause

This problem may be caused by one or both of the following:

  • A defect in Windows Installer that occurs when the Windows Update agent performs a scan. This may cause the Windows Update agent (in particular the service host executable) to consume a large amount of CPU and/or memory. The Windows Update agent is invoked through MBSA 2.0.x.
  • A virus scanner running on the computer scanning the <Windows>\SoftwareDistribution directory and its sub-directories. When MBSA 2.0.x performs a scan it extracts the contents of the wsusscan.cab file to the SoftwareDistribution folder. The virus checker and MBSA then fight for resources to get access to the files, resulting in poor response being experienced while MBSA 2.0.x is running.

Resolution

To resolve this issue and improve the performance of MBSA 2.0.x scans, complete the following steps:

  1. Apply an update from Microsoft:

    You receive an access violation when you try to install an update from Windows Update after you apply hotfix package 916089
    http://support.microsoft.com/kb/927891

  2. Stop your virus scanner from scanning the <windows>\SoftwareDistribution directory and its sub-directories.

    For recommendations on what folders should not be scanned by a virus scanner review the following Microsoft KB article:

    Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158

Comments

Powered by Zendesk