microsoft antispyware problems

Discussion in 'other anti-malware software' started by bigc73542, Mar 16, 2005.

Thread Status:
Not open for further replies.
  1. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    For about three days I have had some strange usage spikes of my CPU. Almost to the second, every seven seconds I would get a fifty percent use spike that will only last one or two seconds. Had a heck of a time finding it, it turned out to be the microsoft antispyware. As soon as I exited the program it immediatly quit spiking. I uninstalled and reinstalled three time and got the same results every time. Looks as if I won't be useing that one anymore. I just posted this in case someone else might be having the same problems. I configured it every way possible but it made no difference.

    bigc
     
  2. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I noticed that earlier today Big C .
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have had MS antispyware uninstalled for 24 hours now and I have not had one of the CPU spikes since. I hope they fix what ever is causing the problem.

    bigc
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
  5. gud4u

    gud4u Registered Member

    Joined:
    Nov 9, 2004
    Posts:
    206
    I'm not seeing any spikes in either gcasServe.exe or gcasDTServe.exe processes. I tried monitoring both with auto-update ON and auto-update OFF.

    I only watched for a few minutes, but I'm not seeing what you report.

    I'm running MSAS with:
    - OP 2.5 Firewall
    - NOD32 AV
    - Trojan Hunter Guard

    I've run MSAS with other combinations (Trend Micro IS2005 and ZA Security Suite and Look'n'Stop Firewall) - no problems here with MSAS.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It would spike aproxamatly like the red line in the screen shot
     

    Attached Files:

  7. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    i just reinstalled the anti spy program yesterday and just now reading this post. i checked the task manager and also have auto updates turned off on antispy. and only noticed a occasional 1 or 2 % hit on one of those 2 processes BigC has mentioned. dont seem to be a problem to me. at least on my system it dont. things run about the way theyre supposed to be.
     
  8. BigC: I think you're worrying too much.
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi BigC,

    I get CPU spikes also with MSAS. I do not get as large of ones as you do, but still large enough for me not to run it. I get CPU spikes in the 15 % to 17 % range. The only things I had enabled was the agents, no updates or scheduled scans, etc....
     

    Attached Files:

  10. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Wouldn't these spikes corresponding to MSA polling the registry and wouldn't the variation in CPU usage of these spikes relate to the mixture of software that folk have?

    I've had the spikes with MSA - high and low, that I assumed related driectly to the software mixture I threw MSA into - but I don't run it at present as it makes a mess of the icons in my system tray irrespective of what they might be and I can wait for it to come out of beta.
     
  11. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Howard,

    Possibly so, but here is my situation... I had been running MSAS from the day they released it until about 2 or 3 weeks ago with no spikes whatsoever, if there were any it was negligible. The spikes of CPU usage of 15 to 17 % just started about 2 or 3 weeks ago. I have not added any software or changed my "mixture" in anyway during this time, but for some reason out of the blue this started happening...
     
  12. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Hm, you've peeked my curiosity now so I had better install it again and see what I get :)
     
  13. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Nope.
    MSAS checkjs once every 15 minutes, or more... I'm fairly certain of that.

    MSAScaused my system to hang during startup AND shutdown.
    currently its "guards" are off.
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In my limited testing of MSAS polling time....especially after any updates to see if they have added\removed any keys they monitor....I have always noted approx every 10 second time difference from one poll to the next. Possibly you could check your time interval by using Sysinternals RegMon ....and filter only on the MSAS file gcasserv.exe :doubt:
     
  15. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Okay, installed MSA again and every ten seconds I get a tiny bump of CPU activity - hardly qualifies as a spike at <5% - from gcasServ.exe. Nothing else happening (gcasDtServ.exe is very quiet)
     
  16. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I said this because its alerts are ALWAYS ALWAYS 15 minutes or more apart... and I liked the monitoring of Mike Lin's Startup Manager [www.mlin.net] much better which was truly real time.
    maybe I'll check again when I reinstall.
    OT ::: quick reply button's not working with maxthon browser ~as advertised~. Opens up the "new reply" window.
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    BigC....I had this high CPU usage a few weeks back and attempted to locate the conflict. About the same time I got a newer system....so I'm slowly getting things back to order and will check off and on as I reinstall programs. I still have a few to go....in particular those that monitor the registry.

    OT....kind of :p

    We are possibly talking about 2 different scenarios....but if I change my Home page....I receive an alert within just a few seconds. If I give it less than a minute and change my Home page again....I receive an alert within just a few seconds.

    As I said....we may be talking about 2 different scenarios :doubt:
     

    Attached Files:

  18. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    heck.
    I get any alerts 15 friggin' minutes later!
    Darn. Anywhu... I'll be :ninja: aroundany GAS/MSAS threads. ;)
     
  19. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    these spikes started after I had MSAS installed for weeks. It must have started after an update or something. Anyway it doesn't do it when I first install it. It only starts after it is updated and runs for a short while. i just will not use anything that has my CPU spiking Up to 49% every seven or eight seconds. I have just had to use other apps. Although I did like MSAS.

    bigc
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    I am getting exactly the same thing with the same settings as you. What I have noticed is, if I turn off all the agents then I get no spikes. o_O
     
  21. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    This variation in CPU usage with MSAS is very peculiar. I currently have MSAS running alongside a² Guard, ProcessGuard, BOClean 4.12test, AVK 2005, Sygate Pro, Firefox, Thunderbird etc and CPU usage remains for the whole system below 10%
     
  22. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    well i got rid of msantispy 1 day after i put it back on here. i noticed it was slowing down the whole system. still wasnt getting the spikes like BigC is talking about but the speed of the puter went down. took lots longer to load screens while online, and those darn annoying popups telling me stuff. like everytime i went online it popped up saying it was allowing this app. to run. arghh. i was getting annoyed. now i remember why i took it off before. maybe theyll fix some of these probs. when it goes alpha.
     
  23. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Well I waited for MS to get a few more updates to The MS antispyware and tried to use it again, this time I actually got a screen shot of what it is doing. needlessly to say it is off of my machine again. And it is without doubt MSAS causing the problem.

    bigc
     

    Attached Files:

  24. Josh C

    Josh C Guest

    I saw the same thing on one of my computers. It really annoyed me. A 14% cpu hit every 3 seconds. Well I did some digging and discovered that the machine that had the issue had a lot of trusted and restricted sites. I ran and API viewer tool on it and sure enough this thing was parsing my list every three seconds: something like this:

    Process Process ID Win32 API Parameters Return Value Status GetLastError

    gcasServ 0xAE0 RtlUnicodeStringToAnsiString ansi:0x12F710, uni:0x12F720 "", doalloc:0x0 0x0 SUCCESS 0
    gcasServ 0xAE0 RtlAllocateHeap Heap:0x140000, Flags:0x0, Size:0x200 0x195CC0 SUCCESS 0
    gcasServ 0xAE0 NtEnumerateKey KeyHandle:0x25C, Index:0x273, KeyInformationClass:0x1, KeyInformation:0x12F5B4, Length:0x120, ResultLength:0x12F5AC 0x0 SUCCESS 0
    gcasServ 0xAE0 RtlNtStatusToDosError status:0x0 0x0 SUCCESS 0
    gcasServ 0xAE0 RtlUnicodeStringToAnsiString ansi:0x12F710, uni:0x12F718 "aconti.de", doalloc:0x0 0x0 SUCCESS 0
    gcasServ 0xAE0 RtlUnicodeToMultiByteN MbString:0x19C7C8, MbSize:0x12, ResultSize:0x12EDFC, UnicodeString:0x195CC0, UnicodeSize:0x12 0x0 SUCCESS 0
    gcasServ 0xAE0 RtlFreeHeap Heap:0x140000, Flags:0x0, Address:0x195CC0 0x1 SUCCESS 0


    After unchecking the application agent that monitors trusted sites the issue seems to have gone away.

    I was using a tool that added hundreds of spyware sites to the restricted zone so I can imagine all of that heap allocation and unallocation was definitely a hit large enough to register. probably some optimizing work still there to do :D
     
  25. Josh C

    Josh C Guest

    Just wanted to add that I see there is an identical agent under the internet agents section. I left this one on with no problems. Hopefully get rid of the problem without losing any of the functionality.
     
Loading...
Thread Status:
Not open for further replies.