On my company's Microsoft IIS server, a process called brad32.exe is running constantly at 100 percent CPU utilization. Our senior network engineer recommended that I simply kill the process. Do you have any information about this process?
You're not alone in your battle against brad32.exe. This process has a history of adversely affecting performance by hogging CPU time. Brad32.exe is a component of Network Associates' Total Virus Defense Suite, Management Edition 2.0 or later, and Dr. Solomon's Antivirus Toolkit, Management Edition 1.5.1 or later. The utility, which is automatically installed on Windows 2000, Windows NT, and Windows 9x clients, is responsible for carrying out requests from a network server for such procedures as virus scans and client software updates. Under Win2K or NT, the brad32.exe process runs as a service rather than as a standard application. Many network administrators complain that the process causes adverse performance on client workstations. Worse, the system occasionally fails to properly remove the utility during uninstallation of the antivirus software.
Your first course of action should be to download the latest version of the Management Edition software from Network Associates' Web site. (Version 2.5 includes a new version of this communications agent.) If this download doesn't do the trick, try uninstalling brad32.exe through the Control Panel Add/Remove Programs applet. If this procedure fails, you might need to manually remove the program.
To do so, run System Policy Editor (SPE) and open the local registry of the machine in question. Remove the references to brad32.exe under the Local Computer\System\Run\Show and Local Computer\System\Run Services\Show policies. Although using SPE is safer, you might instead want to manually remove these settings from the registry. Open the regedit.exe registry editor, and use the Edit, Find feature to search for the brad32 string. Doing so will take you to the various registry locations that reference the utility. You can then delete those references. (Under the HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\Current Version\Run registry subkey, you'll probably find at least one instance that's responsible for launching the utility.) Remember that directly editing the registry can be dangerous, so be sure you have full backups of the system and registry before you proceed.