System Event Inspected goes up faster when the UI is open

This is weird... Maybe it's just my computers... but has anybody else noticed that the System Events Inspected numbers on the summary page goes up MUCH faster when the UI is opened?

For example, I closed it RIGHT when it turned to 38.0 billion since installation, left the UI closed for two hours, and when I re-opened the UI, it was at 38.2 billion since installation. But it's going up by about .1 billion every six seconds when the UI is open.

*Very confused*

 

"...38.0 billion since installation....about .1 billion every six seconds...."

Other than pure advertising ,what is the benefit of such information ?


Claudiu

 

Actually, that information strikes me as pure advertising.

But even that has a cause, really, if you think about it. I mean, the program normally sits and watches and just stays out of the way unless there's something to do. Other programs are big about "LOOK!!! I'M DOING STUFF!! Aren't I great!!", and a lot of common users really want to feel that the program is DOING STUFF even though MOST users won't see a virus or threat very often. Though if they see one and have no AV, they're screwed. So the AV programs DO STUFF so the user doesn't feel they for some reason don't need anything at all and end up getting screwed.

I mean, really, how likely is a normal person going to end up getting an infection trying to hit their system during a 30-day trial for example? So yeah, it makes sense to show information related to the fact that the agent is actually DOING STUFF, even if it's not throwing that information in your face every time you download things or whatnot. You can go look at it though and see that it actually IS doing 'something'*. And now people know how to make their system events skyrocket. XD

Anyway, I think I know what's up with this. When you tap into the system events from a different location, the agent is talking to the GDI portion of Windows at a very low level. Instead of saying "Draw a box and put the word 'Webroot' in it", the agent is like putting each individual detail of the box and the parts of the picture of the word, and tracking the mouse over its UI and everything. So it looks like the UI creates a huge number of GDI calls in general, which explains why the mouse pointer falls behind sometimes on really slow computers when it's over the Webroot UI.

Then, sure enough, when you look at the details, the vast majority of that count is Window/GDI Events. The GDI event handler in Windows is not at all strained by this (it's working at about 0.03% capacity on this system for example), but most programs don't make nearly as many GDI calls. So it's counting its own events and it has a lot of them!

I like it, actually, even though it messes with the numbers. That kind of granularity on the GDI calls means much finer control over its own process display and means that, for example, it's nearly impossible for a virus to tamper with it. But wow, it's a lot to count. XD

Of course I could be completely wrong, but that's my speculation.

(*It's doing 'something' accurately too. The monitored registry events stays in line with the view that ProcMon gets. :9 So it's not just making up numbers. Then attach a hardware debugger and see that it's definitely doing a code path against every event. Plus it's an awesomely efficient code path! I like that too.)

 

If you think 38 billion is a lot, I'm now at 89 billion (& counting!).

 

Enjoy counting

 

There actually is valid to the numbers - you can click on the "More Detail" link to view individual events and we frequently use the Protection Statistics to know if something isn't working right.

As for them incrementing faster while the UI is open, that's an interesting one - it could possibly be that WSA is monitoring itself and therefore counting up as it refreshes, but I'll take a closer look to see

 

That's nothing. I got that beat by...billions!



Also, see Protection Statistics reset

 

I think the Silver Cup goes to Tarnak! (Unless someone else can beat that. )

 

Looks like we will have to give the Cup to Tarnak. I'm only at 81 billion...

 

Ha! My gaming computer takes the cake. 8.1 Trillion. XD

 

8 days, 15 hours, 3 minutes, 50 seconds.

190,3 billion since installation.

 

Wow Can you post a screenshot? I've never seen it go into the trillions, even on my systems!

 

Haven't posted images to Wilders before, but here is this (I think)

http://i46.tinypic.com/zvvq4z.jpg Meh. Well,not in-line, but meh and meh.

 

Here it is inline, and quite a sight to see!

 

wow Gratz man

 

I guess Techfox1976 doesn't reinstall much?

TH

 

Holy smoke!

 

Yes impressive isn't it, wonder what it will show around this time next year

BTW I see that you changed your name again, final time this time?

 

I think it'll reach a zillion. Now that would be stupendous!

[OFF-TOPIC]

It's my real name. Yeah I guess I'll keep it this time.

 

A lot of numbers it is yes.....

Nice

Yeah I think you should

 

Trillions is the Max then it resets itself.

TH

 

Yeah I guess that's good.....after all it's just numbers

 

As Joe said here:

TH

 

Thanks.

 

I think so also Amit!

Daniel