Anti-malware Memory Usage; RAM, Virtual etc

Discussion in 'other anti-virus software' started by get_it, May 4, 2012.

Thread Status:
Not open for further replies.
  1. get_it
    Offline

    get_it Registered Member

    Hello,

    I would like to know if there is an accurate method of measuring the total memory usage of a security application/product not only by observing RAM usage as this alone does not reveal the full story.

    I've used the Resource monitor in Windows which does give a more accurate depiction of the memory in use; standby, free etc. but there isnt a break down of which component (process, driver etc.) is using exactly what?

    I am concerned with this since i have tried several anti-malware solutions while running Win 7 x86 as a guest OS on my Win 7 x64 machine (host). I've allocated 1215mb RAM to my VM and my computer (the host) has 3GB RAM in total. I installed a trial of each anti-malware software on my computer and the guest OS in the vm (i.e. Product A installed locally on host and also installed in VM guest, then tested). Upon launching the VM certain anti-malware products would cause my computer to freeze, both host and guest. During the boot of the VM i have the Resource monitor open on the host machine, and examine the amount of free RAM available and certain anti-malware solutions which report a low RAM usage in Task Manager were in fact the ones which used most RAM overall when i fired up my VM which, also had the same anti-malware program installed.

    So what gives? Where is the rest of the memory being used?

    Regards
  2. King Grub
    Offline

    King Grub Registered Member

    Check the svchost.exe:s. You usually see an increase in RAM usage there.
  3. fax
    Offline

    fax Registered Member

    Also watch out for malware tools not supporting virtual machines.
  4. i_g
    Offline

    i_g Registered Member

    No, there is no accurate method.
    Long time ago, I tried to make some points about the futility of those attempts (here), but I guess it was a futile attempt itself ;)

    Using a virtual machine is an interesting idea, but I'd say the interaction with the virtual machine, its own overhead etc... would affect the results a lot (compared to the "real" situation on a real machine).
Thread Status:
Not open for further replies.