Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied

Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied

Symptoms

Consider the following scenario. You are running antivirus software on the computer. Either of the following actions occurs:
  • The Wsusscan.cab file or the Wsusscn2.cab file is copied to a local computer.
  • The Wsusscan.cab file or the Wsusscn2.cab file is copied from a folder on a local computer to a different folder on the same local computer.
Note The Wsusscan.cab file or the Wsusscn2.cab file may be copied by Microsoft Systems Management Server (SMS) or the Microsoft Baseline Security Analyzer (MBSA) to perform an offline security scan.

After either of the previous actions occurs, you may experience one or more of the following symptoms:
  • CPU use may increase to 100 percent.
  • The computer may be slow to respond.
  • The computer may appear to stop responding.
  • Virus scanning may take a long time.
  • The virus scanning process may quit or may time out.
  • System resources may become low and may not be recoverable.
Note The symptoms that you experience depend on the antivirus software that you are using and the scan options, such as scanning inside archived files, that you have configured.

↑ Back to the top

Cause

This issue occurs because the antivirus software on the computer scans the Wsusscan.cab file or the Wsusscn2.cab file.

↑ Back to the top

Workaround

To work around this issue, configure the antivirus software by using any one of the following methods.

Notes
  • The antivirus software that you use may not support the following methods.
  • These methods are listed in order from least risky to most risky.
  • If you do not want to use the methods described in this article to work around this problem, and if you are using the SMS 2003 Inventory Tool for Microsoft Updates to perform software update scans, you can schedule those scans during non-business hours. By scanning after business hours, end-users are less likely to notice any affect on the performance of the computer that is being scanned.

Method 1

Exclude the Wsusscan.cab file and the Wsusscn2.cab file from the antivirus scan.

Notes
  • Because the Wsusscan.cab file and the Wsusscn2.cab file contain several nested cabinet files, excluding only these files is not typically sufficient to reduce unusually high CPU usage. To significantly reduce CPU usage, also exclude nested cabinet files that are within the Wsusscan.cab file and the Wsusscn2.cab file.
  • If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method.

Method 2

Exclude all .cab files from the antivirus scan.

Note If a virus is present in a .cab file, the virus should be detected when the file is uncompressed. Therefore, there is almost no increased risk in using this method.

Method 3

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Exclude all archived files from the antivirus scan.

Method 4

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

Exclude the following items from the antivirus scan:
  • The folder in which the Wsusscan.cab file or the Wsusscn2.cab file is located.
  • The path of the Wsusscan.cab file or the Wsusscn2.cab file on the local computer.

↑ Back to the top

More Information

The Wsusscan.cab file and the Wsusscn2.cab file are archive-based files. These files contain security-related update metadata. This metadata is used for scanning for updates that are available on Microsoft Update and which apply to the computer against which the scan is being run. The Wsusscan.cab file or the Wsusscn2.cab file is used to perform a scan of the computer locally, in an offline manner, without having to be connected to the Microsoft Update Web site.

For more information about offline scanning and Windows Update Agent (WUA), visit the following Microsoft Web sites:
http://msdn2.microsoft.com/en-us/library/aa387290.aspx
http://msdn2.microsoft.com/en-us/library/aa387292.aspx

↑ Back to the top

Keywords: kbsecantivirus, kbexpertiseinter, kbexpertiseadvanced, kbtshoot, kbprb, kb

↑ Back to the top

Article Info
Article ID : 900638
Revision : 4
Created on : 4/17/2018
Published on : 4/17/2018
Exists online : False
Views : 272