microsoft antispyware problems

For about three days I have had some strange usage spikes of my CPU. Almost to the second, every seven seconds I would get a fifty percent use spike that will only last one or two seconds. Had a heck of a time finding it, it turned out to be the microsoft antispyware. As soon as I exited the program it immediatly quit spiking. I uninstalled and reinstalled three time and got the same results every time. Looks as if I won't be useing that one anymore. I just posted this in case someone else might be having the same problems. I configured it every way possible but it made no difference.

bigc

 

I noticed that earlier today Big C .

 

I have had MS antispyware uninstalled for 24 hours now and I have not had one of the CPU spikes since. I hope they fix what ever is causing the problem.

bigc

 

I'm not seeing any spikes in either gcasServe.exe or gcasDTServe.exe processes. I tried monitoring both with auto-update ON and auto-update OFF.

I only watched for a few minutes, but I'm not seeing what you report.

I'm running MSAS with:
- OP 2.5 Firewall
- NOD32 AV
- Trojan Hunter Guard

I've run MSAS with other combinations (Trend Micro IS2005 and ZA Security Suite and Look'n'Stop Firewall) - no problems here with MSAS.

 

It would spike aproxamatly like the red line in the screen shot

 

i just reinstalled the anti spy program yesterday and just now reading this post. i checked the task manager and also have auto updates turned off on antispy. and only noticed a occasional 1 or 2 % hit on one of those 2 processes BigC has mentioned. dont seem to be a problem to me. at least on my system it dont. things run about the way theyre supposed to be.

 

BigC: I think you're worrying too much.

 

Hi BigC,

I get CPU spikes also with MSAS. I do not get as large of ones as you do, but still large enough for me not to run it. I get CPU spikes in the 15 % to 17 % range. The only things I had enabled was the agents, no updates or scheduled scans, etc....

 

Wouldn't these spikes corresponding to MSA polling the registry and wouldn't the variation in CPU usage of these spikes relate to the mixture of software that folk have?

I've had the spikes with MSA - high and low, that I assumed related driectly to the software mixture I threw MSA into - but I don't run it at present as it makes a mess of the icons in my system tray irrespective of what they might be and I can wait for it to come out of beta.

 

Hi Howard,

Possibly so, but here is my situation... I had been running MSAS from the day they released it until about 2 or 3 weeks ago with no spikes whatsoever, if there were any it was negligible. The spikes of CPU usage of 15 to 17 % just started about 2 or 3 weeks ago. I have not added any software or changed my "mixture" in anyway during this time, but for some reason out of the blue this started happening...

 

Hm, you've peeked my curiosity now so I had better install it again and see what I get

 

Nope.
MSAS checkjs once every 15 minutes, or more... I'm fairly certain of that.

MSAScaused my system to hang during startup AND shutdown.
currently its "guards" are off.

 

In my limited testing of MSAS polling time....especially after any updates to see if they have added\removed any keys they monitor....I have always noted approx every 10 second time difference from one poll to the next. Possibly you could check your time interval by using Sysinternals RegMon ....and filter only on the MSAS file gcasserv.exe

 

Okay, installed MSA again and every ten seconds I get a tiny bump of CPU activity - hardly qualifies as a spike at <5% - from gcasServ.exe. Nothing else happening (gcasDtServ.exe is very quiet)

 

I said this because its alerts are ALWAYS ALWAYS 15 minutes or more apart... and I liked the monitoring of Mike Lin's Startup Manager [www.mlin.net] much better which was truly real time.
maybe I'll check again when I reinstall.
OT ::: quick reply button's not working with maxthon browser ~as advertised~. Opens up the "new reply" window.

 

BigC....I had this high CPU usage a few weeks back and attempted to locate the conflict. About the same time I got a newer system....so I'm slowly getting things back to order and will check off and on as I reinstall programs. I still have a few to go....in particular those that monitor the registry.

OT....kind of

We are possibly talking about 2 different scenarios....but if I change my Home page....I receive an alert within just a few seconds. If I give it less than a minute and change my Home page again....I receive an alert within just a few seconds.

As I said....we may be talking about 2 different scenarios

 

heck.
I get any alerts 15 friggin' minutes later!
Darn. Anywhu... I'll be aroundany GAS/MSAS threads.

 

these spikes started after I had MSAS installed for weeks. It must have started after an update or something. Anyway it doesn't do it when I first install it. It only starts after it is updated and runs for a short while. i just will not use anything that has my CPU spiking Up to 49% every seven or eight seconds. I have just had to use other apps. Although I did like MSAS.

bigc

 

I am getting exactly the same thing with the same settings as you. What I have noticed is, if I turn off all the agents then I get no spikes.

 

This variation in CPU usage with MSAS is very peculiar. I currently have MSAS running alongside a² Guard, ProcessGuard, BOClean 4.12test, AVK 2005, Sygate Pro, Firefox, Thunderbird etc and CPU usage remains for the whole system below 10%

 

well i got rid of msantispy 1 day after i put it back on here. i noticed it was slowing down the whole system. still wasnt getting the spikes like BigC is talking about but the speed of the puter went down. took lots longer to load screens while online, and those darn annoying popups telling me stuff. like everytime i went online it popped up saying it was allowing this app. to run. arghh. i was getting annoyed. now i remember why i took it off before. maybe theyll fix some of these probs. when it goes alpha.

 

Well I waited for MS to get a few more updates to The MS antispyware and tried to use it again, this time I actually got a screen shot of what it is doing. needlessly to say it is off of my machine again. And it is without doubt MSAS causing the problem.

bigc

 

I saw the same thing on one of my computers. It really annoyed me. A 14% cpu hit every 3 seconds. Well I did some digging and discovered that the machine that had the issue had a lot of trusted and restricted sites. I ran and API viewer tool on it and sure enough this thing was parsing my list every three seconds: something like this:

Process Process ID Win32 API Parameters Return Value Status GetLastError

gcasServ 0xAE0 RtlUnicodeStringToAnsiString ansi:0x12F710, uni:0x12F720 "", doalloc:0x0 0x0 SUCCESS 0
gcasServ 0xAE0 RtlAllocateHeap Heap:0x140000, Flags:0x0, Size:0x200 0x195CC0 SUCCESS 0
gcasServ 0xAE0 NtEnumerateKey KeyHandle:0x25C, Index:0x273, KeyInformationClass:0x1, KeyInformation:0x12F5B4, Length:0x120, ResultLength:0x12F5AC 0x0 SUCCESS 0
gcasServ 0xAE0 RtlNtStatusToDosError status:0x0 0x0 SUCCESS 0
gcasServ 0xAE0 RtlUnicodeStringToAnsiString ansi:0x12F710, uni:0x12F718 "aconti.de", doalloc:0x0 0x0 SUCCESS 0
gcasServ 0xAE0 RtlUnicodeToMultiByteN MbString:0x19C7C8, MbSize:0x12, ResultSize:0x12EDFC, UnicodeString:0x195CC0, UnicodeSize:0x12 0x0 SUCCESS 0
gcasServ 0xAE0 RtlFreeHeap Heap:0x140000, Flags:0x0, Address:0x195CC0 0x1 SUCCESS 0


After unchecking the application agent that monitors trusted sites the issue seems to have gone away.

I was using a tool that added hundreds of spyware sites to the restricted zone so I can imagine all of that heap allocation and unallocation was definitely a hit large enough to register. probably some optimizing work still there to do

 

Just wanted to add that I see there is an identical agent under the internet agents section. I left this one on with no problems. Hopefully get rid of the problem without losing any of the functionality.