Continuous I/O Spikes when Prevx SOL enabled

Discussion in 'Prevx Releases' started by Adric, Feb 11, 2011.

Thread Status:
Not open for further replies.
  1. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    I have another bone to pick with Prevx/SOL. :D

    I currently have SO disabled because when it is enabled, I see a continuous stream of I/O spikes in conjunction with explorer that goes on forever until I disable SO again. Approximately 2.7MB are being read over and over again. Does anyone know what the reason for this is?

    When I enable SO, I have to logoff/logon for the continuous I/O to start. The same holds true when disabling; for the I/O to stop. No other programs are open besides process explorer. It is definitely related to Prevx SO.

    XP Pro/SP3

    Al
     

    Attached Files:

    • SO1.jpg
      SO1.jpg
      File size:
      238.8 KB
      Views:
      2
    • SO2.jpg
      SO2.jpg
      File size:
      276.8 KB
      Views:
      2
    Last edited: Feb 11, 2011
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    SafeOnline analyzes memory images and compares them against the disk complements in the background to ensure that nothing has been tampered by malware. This has to take place on a constant basis but the I/O is performed in a low priority so as to not interfere with other applications. You'll definitely see the I/O taking place, but it is low-volume and critical to ensuring that your system has clean libraries loaded in core processes.

    Hope that helps! :)
     
  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    Are you saying the implementation described is the only way to ensure clean loaded libraries?

    Even though the I/O is low volume and does not seem to impact anything, I dislike seeing this type of behavior. Will 4.0 be doing the same?

    Al
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Why is this bad? I don't pretend to understand myself, so I'm just asking.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    4.0 has a similar implementation but to prevent any form of tampering, the libraries do need to be re-loaded from disk to ensure they have not been modified in memory (either by hooks/code replacement/etc. which information stealing trojans do).

    As the libraries are already mapped to memory from disk, there is virtually no overhead to actually read them again.
     
  6. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    I don't know, did I say it was bad?

    I'm picky. :D Anytime I see CPU or I/O spikes on a continuous basis, I start to wonder what is going on and whether what I'm observing is necessary.

    AL
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    would this constant IO effect battery life at all?
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Only very marginally - it's reading files that are loaded in memory so they will be cached. The OS identifies any IO as IO but this occurs exclusively from memory.
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ok thanks, i guess ill give safeonline a try, hopefully since im using a new computer now i wont have my historic issue with prevx and my internet miraculously dieing lol :D
     
Thread Status:
Not open for further replies.