VBA32 strange memory issue

I have noticed a strange issue with VBA32 3.11.0 in Windows XP with FUS, Fast User Switching, enabled. When you switch users and log on as another account you get the message that that VBA32 interface is used by someone else's account, ok normal enough, but now look at the memory footprint. Mine decreased from 34MB roughly to between 1-7MB. Actually loggin off all users also does no good either. Some will say hell yeah this is good, but I don't think that something is right and I am wondering if anyone else can verify this little issue.

 

No one else sees this?
It may seem like I am being pushy but I just want to see
if this is widespread or if it is just my setup.

 

The few members here who use VBA probably, like myself, do not use FUS.

Further, does it fully support FUS? For example can the RTM deal with malware in all profiles?

 

I can not be sure as it doesn't say in the documentation.
It would be nice if the Reps here from VBA32 could shed some light on this, but then again it is around 4pm in Minsk right now, so more than likely they will not.

 

Does the VBA32 system tray icon load in all profiles?

 

No the message comes up saying that it is running under a different user, so I don't know if it is running in the background or not. I will have to test it more today when I get home and see what is actually running. Throw some samples at it and see.

 

From what you say and my experiences with earlier versions of KAV 5, which did not support FUS, VBA32 may also not be fully functional in all profiles.

Check to see whether VBA is running in the background in some profiles as a service.

Further, as you suggest try throwing some malware samples in the different profiles. If you don't see RTM popups in all profiles then you have your answer.

If not fully functional then VBA32 will still be protecting all the users concurrently logged in using FUS. However, the users who weren't the first to login cannot run the VBA Monitor and therefore they do not see any popups when malware is found. BUT access to the infected file is blocked. The popups are only presented to the User who logged in first and is now inactive.

This may therefore explain the lower memory footprint when switching profiles?

 

I think you misunderstood me, I get your points about the other users but I am worried about the original account.
The screen capture in this thread is from the original account with VBA32 loaded, this is/was after a FUS, so my worries are that the RTM hangs or something along those lines and is then not available to the original user even though the icon and process are present.

Tried:
1. Restarting the service from original account which loaded the program.
2. Logging off all users and restarting the program.
3. Logging off each user seperately and trying to reload the program.

I will try:
1. Tossing samples limited login only.
2. Admin account only
3. Both accounts loaded, admin side.
4. Both accounts loaded, LU side
--All above with FUS enabled.

Hope you understand me a little better now.

 

Okay now.

 

Ok well so far, it does:
-Pick up the samples in LU mode, and shows messages in Admin users desktop.
-Pick up the samples in Admin, with LU logged in.
- Stops heuristic scanned files from running, but you have no idea why.

Doesn't:
- allow cleaning or other options from LU mode, *known*
- No messages at all are displayed besides the default one up log in
-Show up as a service at all in LU mode

So in conclusion it does work in LU mode and Admin at the same time, but as suspected, no message LU client side, all admin side.

But, the memory issue still remains, once you log off the other user the usage drops dramaticaly to about 1.4mb then once you log the other user on it shoots up to 27MB. Wierd....

Time for more testing.

 

Will be of interest to see what support has to say.

 

Displaying of Vba32 interface doesn't depend on user privileges (admin or LU). It depends on session ID of the user. Interface is displayed in the session 0, first logged on user gets session ID 0, second (after switching to another user ) - 1. However RTM protects all the users, independently of their session, but messages displayed by Vba32 when some malware is found are shown only in session 0.

About memory - "Mem Usage" column in Task Manager doesn't display real memory usage of a process, it's decreased when some parts of process are swapped out. It seems that "VM Size" column displays more realistic values.

 

Thanks for clearing this up.