Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied (900638)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Media Center Edition 2005
- Microsoft Windows XP Media Center Edition 2004
- Microsoft Windows XP Media Center Edition 2002
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Professional 64-Bit Edition (Itanium) 2003
- Microsoft Windows XP Professional 64-Bit Edition (Itanium)
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition 2005
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Systems Management Server
- Microsoft Baseline Security Analyzer 2.0
SYMPTOMSConsider the following scenario. You are running antivirus software on the computer. Either of the following actions occurs: - The Wsusscan.cab file is copied to a local computer.
- The Wsusscan.cab file is copied from a folder on a local computer to a different folder on the same local computer.
Note The Wsusscan.cab file may be copied by Microsoft Systems Management Server (SMS) or the Microsoft Baseline Security Analyzer (MBSA) to perform an offline security scan. After either of the previous actions occurs, you may experience one or more of the following symptoms: - CPU use may increase to 100 percent.
- The computer may be slow to respond.
- The computer may appear to stop responding.
- Virus scanning may take a long time.
- The virus scanning process may quit or may time out.
- System resources may become low and may not be recoverable.
Note The symptoms that you experience depend on the antivirus software that you are using and the scan options, such as scanning inside archived files, that you have configured. CAUSEThis issue occurs because the antivirus software on the computer scans the Wsusscan.cab file. WORKAROUNDTo work around this issue, configure the antivirus software by using any one of the following methods. Notes- The antivirus software that you use may not support the following methods.
- These methods are listed in order from least risky to most risky.
- If you do not want to use the methods described in this article to work around this problem, and if you are using the SMS 2003 Inventory Tool for Microsoft Updates to perform software update scans, you can schedule those scans during non-business hours. By scanning after business hours, end-users are less likely to notice any affect on the performance of the computer that is being scanned.
Method 1Exclude the Wsusscan.cab file from the antivirus scan. Notes- Because the Wsusscan.cab file contains several nested cabinet files, excluding only the Wsusscan.cab file is not typically sufficient to reduce unusually high CPU usage. To significantly reduce CPU usage, also exclude nested cabinet files that are within the Wsusscan.cab file.
- If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method.
Method 2Exclude all .cab files from the antivirus scan. Note If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method. Method 3Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process. Exclude all archived files from the antivirus scan. Method 4Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process. Exclude the following items from the antivirus scan: - The folder in which the Wsusscan.cab file is located.
- The path of the Wsusscan.cab file on the local computer.
| Modification Type: | Minor | Last Reviewed: | 10/6/2005 |
|---|
| Keywords: | kbSECAntiVirus kbExpertiseInter kbExpertiseAdvanced kbtshoot kbprb KB900638 kbAudEndUser |
|---|
|