Views:

To resolve the issue, do the following:

Log on to the WFBS console.
Go to Security Settings > Group > Configure.
Check if you have the following programs and then exclude the specified folders, files, or extensions:
- Outlook:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  
  .PST
- Windows Update Store:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\SoftwareDistribution\Datastore
- Windows Software Update Services (WSUS) Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <WSUS storage driver letter>:\MSSQL$WSUS
  - <WSUS storage driver letter>:\WSUS
  - <WSUS storage driver letter>:\WsusDatabase
- DHCP Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\dhcp
- DNS Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\dns
- WINS Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\wins
- Print and Document Services (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\Spool\
- Remote Storage Service
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\windows\system32\ntmsdata
- POP3 Connector in Windows Small Business Server (SBS) 2003:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directory:
  - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
  - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming mail
- Internet Information Services (IIS) 6.0 or Web Server role on Windows Server 2003:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\inetpub\wwwroot
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\Windows\system32 \LogFiles
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\windows\IIS Temporary Compressed Files
- Internet Information Services (IIS) 7.0 or Web Server role on Windows Server 2008:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\inetpub\wwwroot\
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\inetpub\logs\
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\inetpub\temp\IIS Temporary Compressed Files
- Microsoft SQL Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <SQL Server Installed folder>\*\OLAP\Data
  - <SQL Server Installed folder>\*\OLAP\Backup
  - <SQL Server Installed folder>\*\OLAP\Log
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .MDF
  - .LDF
  - .NDF
  - .BAK
  - .TRN
- Microsoft SQL Server Failover Cluster:
  Note: The < cluster service account> is the account that the specific account is running for cluster service.
  
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <Quorum driver letter>:\
  - C:\windows\cluster
  - For Windows 2003 only: C:\Documents and Settings\<cluster service account>\Local Settings\Temp\
  - For Windows 2008 only: C:\Users\<cluster service account>\AppData\Local\Temp
- SharePoint Portal Server:
  Note: The<SharePoint service account> is the account that the specific account is running for SharePoint services
  
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Program Files\SharePoint Portal Server
  - C:\Program Files\Common Files\Microsoft Shared\Web Storage System
  - C:\Program Files\Common Files\Microsoft Shared\Web Service Extensions
  - C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions
  - C:\Program Files\Microsoft Office Servers
  - C:\Windows\Temp\Frontpagetempdir
  - C:\Windows\Temp\WebTempDir
  For Windows 2003 only:
  - C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
  - C:\Documents and Settings\<SharePoint service account>\Local Settings\Application Data
  - C:\Documents and Settings\<SharePoint service account>\Local Settings\Temp\
  - C:\Documents and Settings\Default User\Local Settings\Temp
  For Windows 2008 only:
  - C:\Users\<SharePoint service account>\Local
  - C:\Users\<SharePoint service account>\Local\Temp
  - C:\Users\Default\AppData\Local\Temp
  - C: \ProgramData\Microsoft\SharePoint\Config
  For 32-bit platforms:
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
  - C:\Windows\system32\LogFiles
  For 64-bit platforms:
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
  - C:\Windows\Syswow64\LogFiles
- Internet Security and Acceleration Server (ISA) Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Program Files\Microsoft ISA Server\ISALogs
  - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Data
- Microsoft Operations Manager Server (MOM) 2005:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
  - C:\Program Files\Microsoft Operations Manager 2005
- Hyper-V
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\ProgramData\Microsoft\Windows\Hyper-V
  - C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
  - C:\ProgramData\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  - For Windows 2008 R2 only: C:\ClusterStorage
  - <Custom virtual machine configuration directories>
  - <Custom virtual hard disk drive directories>
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .AVHD
  - .ISO
  - .VFD
  - .VHD
  - .VSV
  - .XML
- VMWare products:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <the folders that contain the virtual machines >
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .VMDK
  - .VMEM
- Citrix products:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - The roaming profiles folder on the file server>
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .LOG
  - .DAT
  - .TMP
  - .POL
  - .PF
  To enhance the performance on Windows Vista/2008/7, you can go to the Preferences > Global Settings > Desktop/Server in the WFBS console and check the Exclude Shadow Copy sections option.

Keywords: high cpu usage,slow performance Worry-Free,slow due to CoreServiceShell.exe,performance slow down Worry-Free,worry free slow performance,coreserviceshell.exe has high cpu usage,high CPU utilization,sql slow,sql slowness,slow sql,coreserviceshell,Trend Mic

Prevent high CPU usage caused by scanning of programs accessing large amounts of files

Product / Version includes:

Worry-Free Business Security Advanced 8.0

Last updated: 2025/05/08

Solution ID: KA-0002355

Category: Configure

Summary

The WFBS agent's antivirus and anti-spyware real-time scan, scans files for malicious code as they are accessed or created.

When some programs create or modify files rapidly, the Security Agent may use a lot of resource verifying the legitimacy of all file accesses. With the current default settings, the Security Agent will exclude the folders frequently modified by these programs:

Worry-Free Business Security Server
Microsoft Exchange 2000/2003/2007/2010
Active Directory Domain Services (Windows Server Role)

Note: These settings can be modified in the Security Server's web console, under the Preferences > Global Settings > Desktop/Server section.

Some programs or Operating System features do not have default options in WFBS to exclude folders and files from real-time scan. If you encounter performance issues running one of these programs, you can modify the Security Settings in the Security Server's web console.

Important: These security settings will reduce the protection on your computer. For publicly available servers, please review these settings and the nature of the services before applying these settings.

To resolve the issue, do the following:

Log on to the WFBS console.
Go to Security Settings > Group > Configure.
Check if you have the following programs and then exclude the specified folders, files, or extensions:
- Outlook:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  
  .PST
- Windows Update Store:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\SoftwareDistribution\Datastore
- Windows Software Update Services (WSUS) Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <WSUS storage driver letter>:\MSSQL$WSUS
  - <WSUS storage driver letter>:\WSUS
  - <WSUS storage driver letter>:\WsusDatabase
- DHCP Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\dhcp
- DNS Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\dns
- WINS Server (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\wins
- Print and Document Services (Windows Server Role):
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\Windows\system32\Spool\
- Remote Storage Service
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  
  C:\windows\system32\ntmsdata
- POP3 Connector in Windows Small Business Server (SBS) 2003:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directory:
  - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
  - C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming mail
- Internet Information Services (IIS) 6.0 or Web Server role on Windows Server 2003:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\inetpub\wwwroot
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\Windows\system32 \LogFiles
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\windows\IIS Temporary Compressed Files
- Internet Information Services (IIS) 7.0 or Web Server role on Windows Server 2008:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\inetpub\wwwroot\
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\inetpub\logs\
    Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
  - C:\inetpub\temp\IIS Temporary Compressed Files
- Microsoft SQL Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <SQL Server Installed folder>\*\OLAP\Data
  - <SQL Server Installed folder>\*\OLAP\Backup
  - <SQL Server Installed folder>\*\OLAP\Log
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .MDF
  - .LDF
  - .NDF
  - .BAK
  - .TRN
- Microsoft SQL Server Failover Cluster:
  Note: The < cluster service account> is the account that the specific account is running for cluster service.
  
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <Quorum driver letter>:\
  - C:\windows\cluster
  - For Windows 2003 only: C:\Documents and Settings\<cluster service account>\Local Settings\Temp\
  - For Windows 2008 only: C:\Users\<cluster service account>\AppData\Local\Temp
- SharePoint Portal Server:
  Note: The<SharePoint service account> is the account that the specific account is running for SharePoint services
  
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Program Files\SharePoint Portal Server
  - C:\Program Files\Common Files\Microsoft Shared\Web Storage System
  - C:\Program Files\Common Files\Microsoft Shared\Web Service Extensions
  - C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions
  - C:\Program Files\Microsoft Office Servers
  - C:\Windows\Temp\Frontpagetempdir
  - C:\Windows\Temp\WebTempDir
  For Windows 2003 only:
  - C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
  - C:\Documents and Settings\<SharePoint service account>\Local Settings\Application Data
  - C:\Documents and Settings\<SharePoint service account>\Local Settings\Temp\
  - C:\Documents and Settings\Default User\Local Settings\Temp
  For Windows 2008 only:
  - C:\Users\<SharePoint service account>\Local
  - C:\Users\<SharePoint service account>\Local\Temp
  - C:\Users\Default\AppData\Local\Temp
  - C: \ProgramData\Microsoft\SharePoint\Config
  For 32-bit platforms:
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
  - C:\Windows\system32\LogFiles
  For 64-bit platforms:
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
  - C:\Windows\Syswow64\LogFiles
- Internet Security and Acceleration Server (ISA) Server:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Program Files\Microsoft ISA Server\ISALogs
  - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Data
- Microsoft Operations Manager Server (MOM) 2005:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
  - C:\Program Files\Microsoft Operations Manager 2005
- Hyper-V
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - C:\ProgramData\Microsoft\Windows\Hyper-V
  - C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
  - C:\ProgramData\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  - For Windows 2008 R2 only: C:\ClusterStorage
  - <Custom virtual machine configuration directories>
  - <Custom virtual hard disk drive directories>
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .AVHD
  - .ISO
  - .VFD
  - .VHD
  - .VSV
  - .XML
- VMWare products:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - <the folders that contain the virtual machines >
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .VMDK
  - .VMEM
- Citrix products:
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
  - The roaming profiles folder on the file server>
  Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
  - .LOG
  - .DAT
  - .TMP
  - .POL
  - .PF
  To enhance the performance on Windows Vista/2008/7, you can go to the Preferences > Global Settings > Desktop/Server in the WFBS console and check the Exclude Shadow Copy sections option.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Prevent high CPU usage caused by scanning of programs accessing large amounts of files

Prevent high CPU usage caused by scanning of programs accessing large amounts of files

Product / Version includes:

Summary