PG and BOClean : quote from Kevin 1-March-2005

Discussion in 'other anti-trojan software' started by FanJ, Mar 1, 2005.

Thread Status:
Not open for further replies.
  1. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Hia...
    Off topic request: what utility are you showing in those screen shots??
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    That would be Process Explorer, a very handy very informative task manager with a lot of tools and freebie :)
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Infinity, I think no 13 was asking what screen capture program was being used :)
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    In my case it was Process Explorer for the window shown and SnagIt for the image and added text/arrows.

    Blue
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    ok, no prbs

    :)
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I just finally read this thread, as I don't use BoClean, but I noticed the same behavior with Webroot Spysweeper. If I turn on all Spysweeper's shields and have the GUI minimized I get the same behavior of CPU spikes. If the GUI is open they go away. I traced it to their memory shield, which apparently sweeps RAM for spyware. I assume it is doing it about every 30 seconds. When I disable the memory shield they go away.

    Given all the other stuff I have protecting my computer I just turned off that shield. I will periodically turn it on and let it check my machine, and then turn it back off.

    Pete
     
  7. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    That Spysweeper memory shield is a notorious problem. I finally had to disable it because it caused brief hesitations in my Realplayer and would do the same with the DVD player when trying to watch movies, not to mention my screensaver. I believe Webroot is aware of it. Hope to see some program update smoothing it out in the future. :eek:
     
  8. controler

    controler Guest

    If I remember correctly, Kevin added the feature to the last build of BoClean to do another memory scan every time you open and close the BoClean menu and added the red color. Why wouldn't the CPU spike then?
    I am not sure about this without going back and reading, but if I remember correctly Kevin also added a new kernel mode driver? Maybe not, but if so, and PG uses one, I am sure there will be conflicts.

    Bruce
     
  9. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi controller,

    You are right, from what Kevin has written to me Boclean makes "memory calls" into the kernel and it is also monitoring the registry, which could cause conflict with PG and NOD32 at least, that's what Kevin wrote me!!!

    My question now is, if Boclean plays at the kernel level and monitors the registry, can that mean that Boclean should or might conflict with some other software like RegRun and RegDefend? o_O

    Atomas31
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Atomas31/controler/Peter2150,

    I guess I don't quite understand the time dependent nature of the trends. If it's a conflict, I'd expect seeing issues from the start, and not see a reset to "expected" levels, followed by a slow rise in the spike level.

    On a quick test, shutting down the GUI of RegDefend didn't have an impact, and the "problem" doesn't seem a whole lot worse since I installed RegDefend, so that doesn't appear to be a contributing factor.

    As you'd expect, since BOClean is a process memory scanner, those spikes scale with the process load in memory. It's as though the scan doesn't quite properly reflect the current state as processes are loaded in/unloaded from memory. Since a simple load/unload of the menu system (and with whatever resetting occurs when that happens) brings the spikes way down, it would seem that a temporary fix would be straightforward (do this "reset" operation on an infrequent but regular basis - like once an hour). Just a suggestion based on the system response I see, there may be pragmatic reasons this wouldn't fly.

    Blue
     
  11. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Atomas31,

    In the five years that I have used BOClean, I have never seen BOClean conflict with the registry monitors I have used with it (that includes Greyware Registry Rearguard, RegProt, RegRun and now RegDefend).

    Nick
     
  12. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Thx guys
    I was asking about PE...
    Did anyone see Iarsn TaskInfo?
    ~unfortunately, I have nothing sane or funny to add to this topic.~
     
  13. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Just to keep folk up to date, Kevin has very recently informed me that he will be sending me a custom built BOClean.exe to try out in the next couple of days :cool: but that the problem is with ProcessGuard, that the ProcessGuard problem is affecting other software, some even more seriously than BOClean, and that the problem* is leading to a kernel memory leak of some sort and that it is this which is causing the rise in CPU. Most of this is completely beyond me, so please do not ask me for an extended analysis :)


    *"calls to the system for a function called "GetShortPathName" (which merely asks the system for the actual kernel filename associated with a long filename path, it doesn't DO anything) is being handled improperly by ProcessGuard" :eek:
     
  14. controler

    controler Guest

    I guess I am missing something here in this discussion again, duh me?

    "BOClean also performs a "recalibration" every ten seconds which examines registry and system components to ensure that nothing has changed since its last calibration cycle in order to prevent against injections into already running programs."

    The only diff here is that in the old version, you could change the calibration time but the recommended was 10 sec. Since I reformatted both my desktop and laptop and do not have PG on my desktop and have not reinstalled PG on laptop yet. I do have BoClean on both.
    Even without PG installed, BC will spike 100% for a few sec on closing the menu and again every 10 sec. This is normal operation.
    Are you saying with PG loaded, the 10 sec spikes don't go away but keep growing? Because of a mem leak?

    Bruce
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have a whole bunch of stuff running with Process Guard and don't have memory leak or creeping CPU usage issues. Even Spysweeper, which is doing the same kind of thing, doesn't. I turned off the memory shield of Spysweeper as with my other protections I don't need something checking memory every 10 seconds. I guess the same thing would apply to an antitrojan.
     
  16. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    Why not uncheck "Monitor system continuously" in BoClean's configuration?
     
  17. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Normal operation as described by Kevin is BOClean using less than 10% CPU every ten seconds, not 50-70% CPU every ten seconds which is what I am experiencing.
     
  18. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    This has the effect of reducing BOClean to running solely at startup and any updating would then have to be done manually. This is how I am currently running BOClean ...
     
  19. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    My experience also seems to indicate a "plays well with others" issue for Boclean rather than PG. I'm curious to know which other programs have a bad reaction to PG. I would have expected to hear more on the PG forum if the problem was widespread.

    My suggestion to Kevin would be to release a v4.13 that can adjust the frequency of Boclean's memory scans (2-3 minutes is better than never). Then, take your time trying to address these issues in a new version that's going to get prolonged and thorough testing. The goal should be a scanner with minimal impact on performance even when the system is running at or near full capacity. I think that implies full configurability over Boclean's behaviors and its exclusions. Remember, no security app is an island. :)
     
  20. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I hear what you say, earth1, but I will leave it for Kevin to decide whether to make that sort of information public - I am definitely not cut out for the role of messenger, even if I have been flirting with the role recently. Certainly I have experienced no problems with ProcessGuard other than that of BOClean. FWIW, I am now running BOClean solely at startup and a-squared Guard real time - CPU is very quiet :D
     
  21. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    Sorry, Howard, I wasn't trying to pump you for information -- merely wondering aloud with the hope of being indirectly helpful. I know (too well) the feeling of certainty that my program's problems must be coming from somewhere else. Most often, I eventually find a solution to my own problem.

    I do appreciate the information from Kevin and continue to root for him and for Boclean's ongoing success. The suggestions were meant to be constructive and I hope they haven't come across otherwise.
     
  22. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    That actually doesn't make much sense and doesn't tie in to the memory leak idea expressed earlier. Did Kevin give any more description about the problem? Does he mean BOClean calling GetShortPathName is causing PG problems or PG calling that function causing problems?

    ProcessGuard only calls that function once when you add a new protection item, and there is no way it could memory leak since all the buffers are static and not dynamic. So if it is in this context it doesn't make any sense.

    If he is talking about BOClean calling that function, then that is different. I haven't traced that function to see where it goes exactly in kernel mode, but it seems unlikely that this could be the problem.
     
  23. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    No problem at all earth1, I thought your post asked the sort of questions I hope I would have asked if the positions were reversed and if I was more knowledgeable than I am about these matters :)
     
  24. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    This, I believe, is what Kevin is referring to, but we are not simply at the edge of my understanding here, but have moved almost to another continent, so I would not dream of commenting on the likelihood or otherwise of the explanation. I shall remain a grateful but agnostic build tester for now :)
     
  25. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Turns out PG's response to GetShortPathName was not the problem. The current test build of BOClean is running at 2-5% CPU :cool: so we can assume Kevin has correctly identified the problem (something to do with PG not liking BOClean's kernel prodding/proprietary kernel fishing - don't ask me to explain, this is all I know). Yesss!!! :D :D
     