McAfee mcshield.exe intercepting all HTMLViewer loads

McAfee mcshield.exe intercepting all HTMLViewer loads - seriously degrading performance.

We have a desktop tool that internal corporate users use, as well as freelance translators around the world. For our corporate users, we’ve been seeing seriously degraded performance since we switched from Symantec to McAfee. The app makes extensive use of HTMLviewer, which, on Windows, uses IE. The app generates HTML files in response to various user actions, and then displays them to the user. The pages are built and reloaded potentially hundreds of times per day, for a full-time user. On each page load, mcshield pops up and scans the file, stealing away seconds from the user. A typical page might be 400K, but it could be larger. It’s highly annoying to users.

The problem is that we have had IT update the McAfee policy so that it doesn’t look in the 2 folders we write to (and thus read from). This actually made no difference at all. I tested by loading one of the pages manually into the actual IE app, and sure enough, McShield.exe popped up and intercepted/scanned the file before IE could display it. Same length of time as we see in the tool. IT doesn’t have any more ideas at this point.

Does anyone have any experience with McAfee and Xojo that might help us? Some things we’ve considered:

  • stop writing files out to disk, and just passing a string directly to HTMLviewer.loadPage. Tried this, but it makes 0 difference.
  • refactor and try using the webkit option on windows. No idea if that would help, because maybe McAfee can intercept that as well?
  • pulling out remaining hair, stomping on ground, and leaving for the day (<-- S.O.P.)

Anybody have any ideas??

On Windows, I’m pretty sure HTMLViewer writes the string out to a temp file in %tmp% anyway when you call loadPage with a string. So unless IT is willing to exempt %tmp% from virus scanning, that won’t help.

The solution you tried (exempting certain folders from scanning) sounds right - could the settings have been made incorrectly? Or, could your HTML be loading other resources (such as Images) which are themselves from a non-exempt folder?

Another idea: most virus software lets one exempt an entire application from scanning (WhiteListing) - is that possible?

Another idea: are you sure that the folder is where you think it is? Windows 7 does some weird folder virtualizing so that even if you think you are writing to C:/path/to/my/file you may be actually writing to another folder location that the OS has “fixed” for you.
See http://support.microsoft.com/kb/927387

My only experience with McAfee has been removing it wherever I find it.

Thanks for replies guys. So, first off, it finds webkit/chromium loads as well, so that doesn’t help.

I did check through all the write operations and the HTML and everything I could think of, and I’m 99% sure everything it loads is right in that one “blessed” folder. I tried to check that by searching windows for last updated files. I saved something so I had a datetime to use as a reference, then I forced a page to be re-made/loaded in the tool. The only activity was in the blessed directory.

I guess I can check with IT that the McAfee policy change includes nested folders, I assumed that it did, but didn’t actually ask.

They did the policy action on a virtual folder, as it was described to me anyway:
C:\%username%\AppData\Roaming\(tool name here)\
C:\%username%\AppData\Local\Temp\(tool name here)\
I think that should work.

I know that at least one of the blessed folder actions they did worked, because opening a (non-HTML) file went from 2 minutes back to 10 seconds, and those files are read from the other folder I had them bless.

They also put the tool itself on the whitelist.

Eek. Short of completely refactoring and going to a listbox control, I’m about out of ideas here. The htmlviewer has been such a great tool for us, because we do a lot of formatting, and table views, and the Xojo listboxes don’t have dynamic row height or anything.

Could u convert the html into PDF on the fly? I’ve seen some other members using something like that (not necessarily because of ur problem).

Oops! I was wrong about webkit/chromium. My little test project was setting the renderer property in code, not in the IDE. When I rebuilt, it opened the 5 second delay file instantly, no mcshield.exe popping up in the task manager.

Darn thing must have it’s hooks deep into IE.

Anyway, there goes another 20MBs on the package size, but whatever, it works :slight_smile:

Langue: I don’t think PDF would work in this case, because we update individual cells in the HTML, via javascript, as the user edits the translations.

@Micah Bly You might wont run this tool (Process Monitor) from Microsoft on your windows platform. This will give you an idea which file is accessed: https://technet.microsoft.com/en-us/sysinternals/bb896645