The Configuration Manager 2007 Inventory Tool for Microsoft Updates uses the Microsoft Update catalog file (wsusscn2.cab) when scanning the computer for applicable updates. This file contains nested cabinet files. It is located in the inventory tool’s package ID folder under %system32%\VPCache. Antivirus products that decompress cabinet files before scanning may result in sustained high CPU utilization when scanning this file and its contents.

If you experience high CPU utilization, you can configure your antivirus software so that it does not scan this file and its contents. The method for controlling scanning of wsusscn2.cab will vary depending on the antivirus software you use.

Because the file contains a number of nested cabinet files, excluding the wsusscn2.cab file itself is not usually sufficient to combat the high CPU utilization unless you can also specify to exclude its contents.

If your antivirus software allows it, excluding the whole VPCache directory from being scanned should make the scanner skip wsusscn2.cab and all nested files. Specify the path to skip as %system32%\VPCache\<inventory_tool_package_ID>. Skipping the entire VPCache directory should not introduce a security issue unless you have weakened the default access to system files.

If excluding this folder is not possible, another option is to exclude scanning of all .cab files. However, this solution is not recommended because a standard user could copy a malicious cabinet file anywhere on the computer and it would not be scanned.

Refer to your antivirus configuration instructions on how exclude specific folders or types of files.

For more information about this issue, refer to the Knowledge Base article 38565 (http://go.microsoft.com/fwlink/?LinkId=50014).