From the WSUS Blog - Svchost /MSI issue follow up:

Hi Folks –

Just want to make sure you know we are actively following up on the comments posted on the svchost/msi issue. We are working on reproducing the reported performance issues on various systems in our labs. We will keep you posted as to the findings.

I also want to provide some clarification with install instructions for both the new client and the MSI fix, as well as upcoming available automatic distribution options, and the performance expectations after the MSI fix and new client are installed.

Build 0374 AU client/ WSUS 3.0 client:

While we are engaged in a world-wide deployment of the new AU client (build .0374), this staged deployment is occurring in a wave which we expect to complete by early June. This means that for AU users, the new client bits will just automatically self update when visiting the site before mid –June, and for WSUS users, you will be able to download the bits after 5/22/2007 (or upgrade to WSUS 3.0 now).

To make the client available earlier vs. waiting for the duration of the world-wide roll-out, we released the client in a ‘stand-alone’ form which you can download from the Download Center now. The version of the client is 0374 – and can be installed directly from:

http://download.windowsupdate.com/v7/windo...Agent30-x86.exe

http://download.windowsupdate.com/v7/windo...Agent30-x64.exe

http://download.windowsupdate.com/v7/windo...gent30-ia64.exe

Further instructions can be found in http://msdn2.microsoft.com/en-us/library/aa387285.aspx

Please verify on your systems, the client version here is: <windows dir>\system32\wuaueng.dll is 7.0.6000.374

KB927891/MSI fix:

To make sure you have the latest MSI fix in KB927891, make sure your MSI.dll binary version for supported platforms are exactly as documented under files in:

http://support.microsoft.com/kb/927891

This MSI fix will be available via MU/WU (and there by WSUS) by late May early June.

Expected results: It’s important to note that with the MSI fix and the new client installed, the CPU may still go near 100%, but the system should still be responsive and not lock up. If another task requires CPU cycles they will be shared, but if the system is idle, MSI will use the full cycles available. If a task is running at the same time as MSI, the system may be slightly slower, but should still be responsive during this time. Key to remember the MSI fix and the new client address unresponsive or locked systems. CPU spikes during some scans are expected, machine unresponsiveness is not. If your watching the process monitor, you will still see 100% CPU during some scans and this is expected behavior.

Next steps for problem systems:

If, after checking these installations, and reviewing expected behavior, iyou are still experiencing this issue and have a system which we can remote into, or obtain logs from, for further investigation, please contact me directly at bobbieh@microsoft.com. The windowsupdate.log from the system experiencing the performance issue would be helpful information as well as full system description of hardware, platform and additional programs installed and running.

Thank you,

Bobbie Harder

PM, WSUS CPE
Filed under: Windows Server Update Services, WSUS

Posted May 4th -
NOTE: There will be new software controls being installed for the V7 Windows/Microsoft Update sites soon. If you do not want to wait for them and are experiencing the SVCHOST issue, then download the latest Windows Update Agent NOTE: The link is for the x86 versions of Windows [Win2K, XP, Vista]
To obtain the x64 version, click here
Save it, do NOT run it. When the download is complete close the browser. Now run WindowsUpdateAgent30-x86.exe
IF a message appears stating that the Update Agent is already installed, then go to Start > Run >
click the Browse button
Navigate to where WindowsUpdateAgent30-x86.exe was saved and click once on it
Click the Open button
In the Open: line, click once on WindowsUpdateAgent30-x86.exe
It should now be highlighted in blue
Click once after the last quotation mark "
Push the Space Bar on the keyboard and enter /wuforce
The entry should now look like this

"C:\<locationoffile>\WindowsUpdateAgent30-x86.exe" /wuforce

Note the space after the last quotation mark and the /

Click OK or press Enter
Then download, save, close the browser, and install KB927891
NOTE: KB927891 is NOT supported nor intended for Vista

From The WSUS Product Team Blog - Update on svchost/msi performance issue and 3.0 Client distribution plan

Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Do not exclude any one of these based on the file name extension. For example, do not exclude all files that have a .dit extension. Microsoft has no control over other files that may use the same extensions as the following files.

• Microsoft Windows Update or Automatic Update related files
• The Windows Update or Automatic Update database file. This file is located in the following folder:
%windir%\SoftwareDistribution\Datastore
Exclude the Datastore.edb file.
• The transaction log files. These files are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs
Exclude the following files:
• Edb*.log
Note The wildcard character indicates that there may be several files.
• Res1.log
• Res2.log
• Edb.chk
• Tmp.edb