WSA AV and explorer.exe RAM usage

Hi guys,

A friend recently was given an extended trial of WSA AV that I encouraged him to try on his Win 8.1 x64 set-up. Checked with him today how it was going and he was impressed but was surprised how much RAM was in use given how light I told him it was and the overall feel of the system .

Ignoring the RAM doesn't effect performance debate I decided to have a look for him. On checking it seems memory usage for explorer.exe is up about 400% (70,000,000 to around 290,000,000) when using WSA. He has plenty RAM so it's not an issue. I'm just curious if it's normal and if WSA is 'hiding' RAM usage in explorer.exe or utilising it in some way to enhance protection.

Thanks

 

Yes I see what you mean it's around 280MB and then I turn off WSA it goes back to about 25MB of RAM after I restart Explorer. We will see what Joe has to say but as we know Windows 8.1 is not officially released to the public so not officially supported and he may have to look at it himself since I see the same in my VM. But WSA still uses 3 to 6MB of RAM which is normal.

Thanks,

TH

 

WSA should definitely not be affecting RAM usage in Explorer to any noticeable extent (only about 100KB in total for the DLL which we load).

The only component of WSA which loads into Explorer is the right click shell extension and the new Backup & Sync folder browsing in the 2014 product. Could you let me know if you are using the 2014 closed beta? If not, could you try unchecking the box to enable right click scanning?

There are some elements of WSA which block suspicious access to explorer.exe but I'd be very surprised if they would create additional RAM usage.

Thanks for the help!

 

Hi Joe you can check mine if you like as I see this issue with 2014 Beta in my Win 8.1 Pro x64 VM. I haven't checked my Win 8.1 Pro x86 VM but I will.

Daniel

 

Thanks TH - I'll be able to take a look later this week, and will send you an email when I free up

 

Sounds good I can have Both Win 8.1 VM's running.

 

Hy guys,

Please keep us informed about your findings.


(its my first post btw, i have been a silent observer of the prevx forums for some time now )

 

Thanks for thinking about this.

8.0.2.174 is the version being used and I'm being told disabling right-click scanning and re=starting explorer.exe makes no difference. However I'm also being told that when unchecking the 'right-click' option and saving the configuration it is checked again after re-boot.

Unlike TH he's running Win 8.1 as his sole OS, not in a VM

Cheers

 

It looks like this is isolated to some change in Windows 8.1 specifically (as it isn't happening on Windows 8 ). We're going to be looking into it closer later this week and will let you know what we find!

 

I can also confirm this, on Win 8.1 Pro x64 (MSDN), installed as main system (so not VM).

Thanks for looking into it Joe ! Let us know if we can help in any way.

 

Same with 8.0.4.12 explorer ~320MB

 

Yep, same with 8.0.3.3 Win8.1 x64
Explorer RAM ~290mb

 

I have sent some info to Joe but he will be busy this week and only have limited time to visit the forums. I also have Win 8.1 Pro 32bit VM and it seems fine as explorer is running about 25MB of RAM. Can anyone else confirm on Win 8.1 Pro 32bit?

TIA,

Daniel

 

Hy guys,


I noticed another weird thing. Note: I'm running Win 8.1 Pro x64 (MSDN) as main system (so not VM)


I just installed Windows Firewall Control.

I fired up Windows task manager, and noticed this: RAM usage ~280 MB https://www.dropbox.com/s/l2ynuh8xqnwycaf/N%C3%A9vtelen.jpg
Now, a firewall shouldn't need that much memory. Actually, the FW RAM usage was the highest of all.

I already new about the "explorer.exe having high RAM usage" issue, so i had an idea:

1) First i shut down WSA and closed the firewall control, leaving only it's service running: service still using ~ 270 MB RAM https://www.dropbox.com/s/aswvgq6skjcse2h/same.jpg

The RAM isn't changed a bit.

I ended the service too.

2) Then i started the Windows Firewall Control while WSA was not running.

Here is what i got: RAM ~ 10 MB
https://www.dropbox.com/s/3xf7jot8uy3ee4g/startedwhilewsanotruning.jpg

Now it looks like what a firewall should.


3) Then i started WSA : RAM still ~ 10 MB https://www.dropbox.com/s/23f34crr99xu66c/allgood.jpg

Now its all good

After these steps, RAM seems to stay at ~ 10MB. I will leave my pc running tomorrow, doing the aformentioned steps, see if it stays there.


Maybe there is a connection to the explorer.exe issue?

 

How was Windows Explorer during that time of the last picture?

TH

 

IF i don't manually restart explorer.exe , its around 280 MB
If i do, it's around 30 MB

For the firewall application:

If i don't manually restart the process (service) its ~ 280 MB
If i do, it's ~ 10 MB


There is one difference though:

For te explorer.exe , I only need to end the process, then restart it in Task Manager.

For the Firewall, if I do the same, it will still be ~ 270 MB

For the Firewall, i have to shut down WSA, restart the Firewall while WSA is not running. Then it's around 10 MB, and stays there, even if i restart WSA afterwards.


I will do some further testing later today.

 

Maybe that help too. The sytem analizer tool in complete found memory leak in explorer.exe

 

May be it is a win problem then? Can u guys try a couple of VMs running a fresh win 8.1 without any app installed, and check the RAM usage of explorer.exe?

 

"Possible memory Leak" is based on RAM usage, so even without one, if it seems to be using more than normal, it will trigger.

If you can get Process Explorer to work there, you might be able to check whether any Webroot DLLs are loaded into the processes.

 

Any update on this now 8.1 is 'in the wild'.

Thanks

 

Is this being looked into? I just happened to see this thread and took a look at my task manager. Sure enough it's running at 280k. Kind of surprised me. Not that it matters much but I for the moment uninstalled WSA. Hopefully this will get sorted out quickly. Oh yes I also just upgraded to 8.1 64bit. Oddly enough this isn't the only issue I'm having with 8.1 and compatibility.

 

Yes they are looking into it and it is only Win 8.1 64bit as the 32bit version doesn't seem affected.

TH

 

THanks Daniel. I'm sure that it will get fixed.

 

Indeed, it is high on our list, although it has proven to be a strange issue which some other products are running into as well (not necessarily AVs). We're looking for a workaround still and will definitely report back in this thread once fixed!

 

Hello,

I was just wondering if there were any updates as I am still see high ram usage...