Video Screencast Help

SmcGUI.exe concern

Created: 06 Nov 2007 • Updated: 21 May 2010 | 10 comments

I've recently installed SEP with antivirus and proactive protection only, without the firewall component. I notice there's a SmcGUI.exe which sometimes jumps to 10% CPU usage. The command line for launching it is something like \.\\pipe:SygateSecurityAgent####... I know "pipe" and "Sygate" refer to a firewall, and that SEP's firewall builds on the old Sygate but I didn't install the firewall so why is SmcGUI.exe running in the background?

Discussion Filed Under:

Comments 10 CommentsJump to latest comment

Carsten Hoffmann's picture
Hi Searinox,
 
No need to be concerned! If you didn't install the firewall it will not be there even if some components like SmcGui.exe are running on your system. We also used the client/server communication module from the former Sygate products and not only the firewall.
 
Carsten
Searinox's picture

I see, but what exactly is its purpose then?

paulorf's picture
Hi there!
 
If you run Process Explorer, you can see that this is the process that launches the GUI when you double click in the icon, or open SEP through Start > Programs
doggybs's picture

Hi, I am having a similar problem. I am running windows server 2003 and end point protection.

smcGUI.exe every couple of seconds is using 10 / 15 percent of the cpu. It has been doing this all day and I cann't figure out what it is doing. I don't even have the GUI open, and disabling the virus protection doesn't not stop it.

If I use process monitor, it seem to keep read a series of registry keys over and over again, and accessing end point protection program files location.

Any ideas what it is doing and how to stop it?

Thanks

reza akhlaghy's picture

This thread is more than a year old and I reported such abnormal behaviour too,but still nothing. This is the main reason why SEP bring clients to their knees....(excessive amount of registry/disk access)

Lissome's picture

It is possible to create registry key that prevents starting of SmcGui.exe.
In HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\
create dword key "LaunchSmcGui" with "0" value.
This method has some backfires, so try to find article in knowledge base about that.

DanielW 2's picture

Paul,

So we are trying to understand how this process is getting launched as well.  Somehow SMC.exe is able to determine when a user logs in and then lauches SMCGUI.EXE with "High" integrity (in Vista) and has it impersonate the logged in user.  Also this is done, apparantly, through a named pipe.  I think I have a good idea of why you are doing this but we would like to know a little more about how you are doing it.  How is the SMC.exe service being notified of a logon?  It is important for us to know how things are running on our machines.  Could you provide a little more detail about this?  Obviously there will pieces that you might not be able to share (this is security software).  But we want to undertand your process a bit better. 

Thanks in advance.   

DanielW 2's picture

Also as a side note to the original question, we found  that having the communication method set to "Pull Mode" calms the client down quite a bit.  For some reason "Push Mode" (the default) is very CPU intensive, way more than we wanted.  "Pull mode" gets you back to the old way where the client checks in periodically to see if there is anything for it (based on the Heartbeat interval).  Push mode would be nice but it is not necesarry in most cases.

MeuliM's picture

Hi,
Dos anywone know a convinent way to disable scmgui.exe? My main problem is that the continuous disk access caused by scmgui.exe prevents my HD from stopping and severely reduces batery life time on my notebook. I tried disabling SEP using the try icon. However it seems that this does not reduce disk activity of scmgui.exe. Are there any setting to disable scmgui.exe (if SEP is disabled?)

Thanks in advance 
MM

Paul Murgatroyd's picture

you can use the registry key in here: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/43316a227377bbe58825745d007d3678?OpenDocument

In addition, SmcGui idle time utilisation will be reduced a little in MR4 MP2

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint