I read the post about killing the mcsysmon.exe process which then allows spybot to run fine. Which is great for me. But some of the home people that i help out won't find it so easy.

So what if... gotta love that "what if"

In McAfee...
Open SecurityCenter
Click on Internet & Network > configure
Under firewall Protection is enabled click advanced
Then click on program permissions> add allowed program.

Now if you add spybot will that stop mcsysmon.exe from hanging?

Here's my problem...when i browse for the spybotsd.exe file it doesn't exist in the program files\spybot directory. Windows search doesn't find it either.
When i check the target of the shortcut... yep thats where it points. Runs just fine. No spybotsd.exe.

What is going on?

The .exe's in the spybot folder are:
blindman
sddelfile
sdmain
sdwinsec
unins000
update

Am i going crazy?

My other idea is to create a batch file that will kill the mcsysmon process then fire open spybot.

There is a cool utility here
http://www.beyondlogic.org/solutions/processutil/processutil.htm

Personally i'd tell everyone to not use McAfee until they fix the problem... but comcast is giving it away. Tough to use a free AV when you can get a big boy for nothing.

Thoughts??? Comments??? Help???

averagetechy:


... Here's my problem...when i browse for the spybotsd.exe file it doesn't exist in the program files\spybot directory. Windows search doesn't find it either.
When i check the target of the shortcut... yep thats where it points. Runs just fine. No spybotsd.exe.

What is going on?

The .exe's in the spybot folder are:
blindman
sddelfile
sdmain
sdwinsec
unins000
update

Am i going crazy?
...
...
...
Thoughts??? Comments??? Help???
You are not going crazy. In Spybot 1.5.2 some of Spybot's executables are hidden as protected operating system files. To see them:
Using Windows Explorer navigate to:
C:\Program Files\Spybot - Search & Destroy
In the Tools menu select Folder Options…
In the Folder Options dialog select the View tab.
Under the "Hidden files and folders" options:
Make sure "Show hidden files and folders" is selected.
Not "Do not show hidden files and folders".
Uncheck the following option:
Hide protected operating system file (Recommended)
Click the Apply button.
Click the OK button.
The files should now be displayed
Note: If you uncheck the "Hide protected operating system file (Recommended)" option to view Spybot's executables, I suggest that you return the option to its original setting when you are done.

Very sneaky. Ok did that. Added Spybotsd.exe to the trusted programs and it still hangs up.

Guess its time for the batch file.

averagetechy:

Problems noted in the in the past with AOL/McAfee also involved mcsysmon.exe. It appears that mcsysmon.exe uses an excessive amount of CPU time when there are too many entries have been added to Internet Explorer’s restricted sites zone. This has caused people not to be able to log onto AOL.

The problem not only occurs with Spybot but other third-party applications which add restricted sites to Internet Explorer and probably could occur if you manually added too many sites to the restricted sites zone. McAfee's cure for the problem is to eliminate all Internet Explorer Restricted site entries. See:
ERROR AOL ERROR (AC-0000) error 0x90000000 (when logging in to AOL 9)
http://service.mcafee.com/FAQDocument.aspx?id=307211&lc=1033&partner=McAfee&type=TS&ia=1
My personal opinion it that it is clearly a McAfee problem and should be corrected without requiring a user to delete their restricted sites entries.

See if the following helps: Go into Spybot and "Undo" the immunization for profiles listed a "Domains".

Wouldn't undoing what spybot did be bad?

I've scheduled spybot to run at 3am on tuesday mornings once a week... so the delay to the problem won't be noticed.

Why can't they just all get along :)

averagetechy:


Wouldn't undoing what spybot did be bad? ...Removing the entries from Internet Explorer's Restricted Sites zone certainly reduces your protection. From the fix ( http://service.mcafee.com/FAQDocument.aspx?id=307211&lc=1033&partner=McAfee&type=TS&ia=1) that McAfee published it is unclear if they: Claim that they that you do not need those entries and that they are protecting you in that case.

---or---


Are just overcoming their programming problem because they are just inspecting Internet Explorer's domain entries for entries such Trusted sites zone entries (which is quite common with anti-malware products) and taking an extreme amount of CPU time when there are a substantial amount of domain entries.
I certainly suspect the latter.

Your question may be better addressed in the McAfee Support Forums (http://forums.mcafeehelp.com/index.php).