Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied

Article translations Article translations
Article ID: 900638 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario. You are running antivirus software on the computer. Either of the following actions occurs:
  • The Wsusscan.cab file or the Wsusscn2.cab file is copied to a local computer.
  • The Wsusscan.cab file or the Wsusscn2.cab file is copied from a folder on a local computer to a different folder on the same local computer.
Note The Wsusscan.cab file or the Wsusscn2.cab file may be copied by Microsoft Systems Management Server (SMS) or the Microsoft Baseline Security Analyzer (MBSA) to perform an offline security scan.

After either of the previous actions occurs, you may experience one or more of the following symptoms:
  • CPU use may increase to 100 percent.
  • The computer may be slow to respond.
  • The computer may appear to stop responding.
  • Virus scanning may take a long time.
  • The virus scanning process may quit or may time out.
  • System resources may become low and may not be recoverable.
Note The symptoms that you experience depend on the antivirus software that you are using and the scan options, such as scanning inside archived files, that you have configured.

CAUSE

This issue occurs because the antivirus software on the computer scans the Wsusscan.cab file or the Wsusscn2.cab file.

WORKAROUND

To work around this issue, configure the antivirus software by using any one of the following methods.

Notes
  • The antivirus software that you use may not support the following methods.
  • These methods are listed in order from least risky to most risky.
  • If you do not want to use the methods described in this article to work around this problem, and if you are using the SMS 2003 Inventory Tool for Microsoft Updates to perform software update scans, you can schedule those scans during non-business hours. By scanning after business hours, end-users are less likely to notice any affect on the performance of the computer that is being scanned.

Method 1

Exclude the Wsusscan.cab file and the Wsusscn2.cab file from the antivirus scan.

Notes
  • Because the Wsusscan.cab file and the Wsusscn2.cab file contain several nested cabinet files, excluding only these files is not typically sufficient to reduce unusually high CPU usage. To significantly reduce CPU usage, also exclude nested cabinet files that are within the Wsusscan.cab file and the Wsusscn2.cab file.
  • If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method.

Method 2

Exclude all .cab files from the antivirus scan.

Note If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method.

Method 3

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Exclude all archived files from the antivirus scan.

Method 4

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Exclude the following items from the antivirus scan:
  • The folder in which the Wsusscan.cab file or the Wsusscn2.cab file is located.
  • The path of the Wsusscan.cab file or the Wsusscn2.cab file on the local computer.

MORE INFORMATION

The Wsusscan.cab file and the Wsusscn2.cab file are archive-based files. These files contain security-related update metadata. This metadata is used for scanning for updates that are available on Microsoft Update and which apply to the computer against which the scan is being run. The Wsusscan.cab file or the Wsusscn2.cab file is used to perform a scan of the computer locally, in an offline manner, without having to be connected to the Microsoft Update Web site.

For more information about offline scanning and Windows Update Agent (WUA), visit the following Microsoft Web sites:
http://msdn2.microsoft.com/en-us/library/aa387290.aspx
http://msdn2.microsoft.com/en-us/library/aa387292.aspx
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 900638 - Last Review: July 1, 2010 - Revision: 6.0
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows XP Media Center Edition 2005
  • Microsoft Windows XP Media Center Edition 2004
  • Microsoft Windows XP Media Center Edition 2005 Update Rollup 2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Baseline Security Analyzer 2.0
  • Microsoft Security Essentials
Keywords: 
kbsecantivirus kbexpertiseinter kbexpertiseadvanced kbtshoot kbprb KB900638

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com