Webroot Spikes CPU (dramatically)

So I installed Webroot on a test machine - again today. Immediately I can tell you it has issues with spiking the CPU. Test machine is a quad core 3.2ghz, 8GB DDR4 machine running a clean Windows 8.1 install.. Avira+Mbam(Chica)+Admuncher running on it. However I uninstalled everything but WSA, and the spikes are identical.

For testing I launched various applications, and found Webroot spiking CPU as high as 40-45% in some cases, rarely less than 30%.

For example in this shot you can see, Webroot spiked at 30% while Chica(Mbam) is at 5.5%, and Avira a paltry 1.7%. In my view, anything over 10% is unacceptable - for any application. Note that Windows 8.1 continuously flags Webroot as a 'resource hog' if you note the color changes, Webroot descends into orange warning area.

Edit: The spiking happens during application load. In this case it is a fresh load of Opera. When Webroot is uninstalled, application load speed improves by roughly 58%. Which potentially may be caused by the CPU spikes from Webroot. I've tried Webroot on default settings, then trimmed it down to ONLY the malware protection, same result. I've also trimmed settings down to scan on application launch only, same issue. I can duplicate this on multiple machines if necessary.

 

Well this from my Win 8.1 Pro x64 VM.

0% CPU and very low Memory!



And from my Win 7 x64 host i7 CPU 16GB of 1333Mhz RAM on SSD's.

0% CPU and very low Memory!



TH

 

Could you see if a scan is taking place in the background (by right clicking on the tray icon?)

And, can you send a scan log to my username at gmail.com so that I can take a look at what else WSA was doing?

Thanks!

 

My god... If you want to offer any kind of support then at least follow my instructions to replicate the issue. I clearly said;

The spiking happens during application load. Based on your screenshot, you are not launching any application.

Webroot is doing nothing in the background, and I waited until it was 'fully' settled down, consuming no processor time or resources..

 

As far as I've seen, you've been offered EVERY kind of support, and haven't even bothered to comply with simple request(s) to provide a scan log...yeah, great co-operation from you...and now 'shouting'!

The support from these guys is the best in the business, make no mistake.

 

From what I have determined the identity protection module is reacting to some programs, in this specific case - Opera.

Disabling IP/Phishing protection doesn't fix the issue. Changing Opera to be ALLOW or DENY within the IP module program setting fixes the issue, the CPU spikes generally go away.

Any clue as to why that would be the case?

 

I have to totally agree with you Dermot! All I've seen in several different threads are attempts to demean and complain about WSA. I've seen little desire to learn or work with the WSA support team.

 

I don't know, but as for everything else which I've requested, a log would be the absolute first place to start.

 

Alternatively, what about installing opera on a test machine there, and attaching various websites to the speed dial, and observing?

 

I use Opera myself on production and dev machines and haven't ever experienced any CPU spikes.

 

i use opera myself both the new version and old one (12) and i see no spiking from it. doesnt solve my typing issue with a couple clients but i have to get back to those places to get a log file ive been down for the last week and may have to have surgery so im working on it.

 

I need to put this on an isolated test machine before I can submit logs. I don't submit, or even keep logs on the personal machines here. I also don't send emails to Gmail/Hotmail/Yahoomail. So there are a few reasons why I haven't submitted logs, I just didn't want to go into it.

 

Wasn't it already on a test machine?

No offense intended but sounds like tilting at windmills

 

I knew this would come up, which is why I said 'isolated' test machine. IE one not connected to my personal network, one that hasn't connected to it, and in general one I can guarantee doesn't store anything personal. (hence - isolated)

So yeah, while I was testing it on a test machine, that machine was still on my home network, interacting with software/hardware on that network, etc. It would also have information on my layered protection, and potentially methods of encryption... In general - not isolated, but testing sure. Testing machine is for me to test. Isolated is for me to test for someone else, or some other company, or to help find issues such as this WSA one.

 

Well, then looking forward to see this evolving into isolation and finally seeing the birth of a txt file.

Btw, its not so complicated as you picture it and log manly contains a list of executables. The log is in clear text and if you are familiar with computing (sounds like you are?) you just need to inspect the log and remove whatever its for you not appropriate (e.g. user name). At least this way results will closer to a real environment.

 

I'm well aware of what is in WR logs, as well as the hundreds of other logs on a Windows machine. Some of us are paid to know this stuff, others (majority?) on this forum aren't. That's actually why I need to make sure it's on an isolated machine, with just the basics required to try and find the problem. However at this point I am involved in some other projects and cannot devote time to debugging a product. Gmail is a non-starter though, I don't respond to Gmail accounts, much less send logs or security related text through it. I'm not trying to be difficult though, I just don't send off logs to random unsecured emails. Maybe it's the HIPAA compliance engineer in me.

Heck I just finished fixing Avira slowing boot times by about 300%, apparently a common problem with Avira that nobody has been able to solve. Now I need to submit my results to Avira forums so people know how to solve this issue. I really should be hired by these companies to solve their issues, as I waste far too much time on them..

For now, WSA is a non-starter here until some serious issues are resolved, up to and including the inability to type into a browser bug others have reported that crops up randomly.

 

Ehm... I see... lol

 

Is the Webroot Log Utility link secure and does it contain all your scans? (Just asking)

 

I agree, about Google. Joe, should have a Webroot e-mail address, that we can send requested logs to. I will not be sending any logs to a Google address, any more, if requested in future.

Can't trust Google!

 

I do have a Webroot email address (and a Prevx one) which I'm happy to supply by PM. I just don't want them scraped by spam bots

 

Please PM me, at your leisure! ...with address details, for use in future.

 

Hey Presto! That was quick...Thanks

 

Whilst Gmail has some spam filtering, it's fair to say by publicising that address, it too could be "scraped by spam bots".

Webroot being a security company should be able to deal with spam at the server level though. I do, however, understand where you're coming from and agree requests by PM is the better approach.

 

I actually no longer send emails to any Gmail, Hotmail/MSmail, Apple, Yahoo, Aol accounts of any kind. If I get emails from them they aren't responded to any longer. If more people did this we'd send a message, and frankly - it's pretty silly anyone is still using these companies for this. (no offense)

In HIPAA compliance audits I find doctors using Gmail and Yahoo to send confidential patient records, even Xrays, and test results. This is ludicrous, and can result in fines, as well as civil lawsuits but most of these doctors are clueless about actual regulations/compliance, many don't care - frankly. Once audited, it's suddenly a big issue - and we get the panic calls. But don't people read the news stories? Why are they using these services?

 

Btw, as far as I can see, as of September 2013 Gmail is HIPAA compliant, the same will be soon or already it is for hotmail (now outlook.com). Actually, its not rare that some email providers provide much less security that those mentioned.