PG and BOClean : quote from Kevin 1-March-2005

Discussion in 'other anti-trojan software' started by FanJ, Mar 1, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Hi,

    Although I myself (still being on W98SE :oops: ) cannot run PG, I would like to quote Kevin (BOClean) to inform users of both ProcessGuard and BOClean.

    This quote comes from the BOClean-update-notice at 1-March-2005.
    (FILEDATE: 03/01/05 - 10:09:55 (US EDT) (15:09:55 GMT/UTC)).

    === begin quote ===

    NOTE: A discrepency in the number of "unique items" will be noticed - 28 obsolete entries of BOClean 4.11 and earlier legacy were removed prior to this update as BOClean 4.12 no longer requires these unnecessary entries which may result in conflicts with a program called "Process Guard" as a result of the unnecessary disk reads of INI files.

    === end quotes ===

    As from my part, I posted this only for your info.

    Cheers, Jan.
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi FanJ,

    Thanks for spotting that. The CPU usage spikes are down to ~3% and steady so far.

    Nick
     
  3. FanJ

    FanJ Guest

    You're welcome Nick ! :)

    Actually, I saw your posting in Mercurie's thread here and instead of going off-topic there, I thought it better to post it here so all would be informed ;)

    Most warmest regards, Jan.
     
  4. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Unfortunately, this does not fix the problem I am experiencing with BOClean and Process Guard, BOClean spiking at 50% CPU/ten seconds and rising. The current versions of these two programmes will not coexist/run on my machine without excessive CPU activity. The changes made to ini file reading in BOClean are not, as I understand it, a solution to the problem but are intended, until the problem can be examined in more detail and depth, to secure some alleviation which in my case they have not. It should be pointed out that the problem is grounded in the interaction of the current versions of BOClean and Process Guard and while the excessive CPU activity registers under BOClean, it is not necessarily the case that BOClean is the source of the problem. Whatever the cause, it is beyond my understanding and I currently have to disable BOClean from monitoring continuously or disable Process Guard - I do the former, but not happily.
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I surely can understand that Howard, that is bad news. the problem doesn't exist when you disable PG? or put pg in the exclude? or the whole folder from pg in the excluder?

    Probably you did this, just a question though


    Inf.
     
  6. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    The only thing that seems to work reliably is disabling Process Guard :(
    Kevin has been great and has embarrassed me with the amount of time he is spending trying to sort this out, especially as I was one of the small group of people who had serious problems with the initial release of 4.12. Now I am one of an even smaller group that has problems with BOClean and Process Guard. Terribly difficult having to choose between two great programmes both of which feel essential to me.
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    true, I wished I could help you out...beyound my limits I must say.

    Inf.
     
  8. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Way beyond my limits too, but I appreciate your kind thoughts, it is what helps make these forums such a good place to learn.
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    The fixes so far have not changed anything here either. For what it's worth, the CPU spikes on my systems top out and remain steady. Might not mean anything either, but on my P4 systems, the spikes top out at ~30% while on my Athlon 64 system the spikes top out at ~15%.

    Nick
     
    Last edited: Mar 2, 2005
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi All, Not sure if this has been tried but ProcessGuard has three other files that may need excluding as they are protected and not in the PG folder
    *\windows\sytem32\drivers\procguard.sys
    *\windows\system32\pghash.dat
    *\windows\system32\pguard.dat
    Where * = drive letter and of course "Windows" may not be your windows folders so substitute your folder name,

    HTH Pilli :)
     
  11. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    BOClean hits 50-70% on my P4 and, if I let it run long enough, will use up to one third of all CPU time - it really isn't usable with PG here.
     
  12. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I suspect that BOClean may be calling an API function a few thousand times a second which ProcessGuard would be adding "time" to, by checking to see if its ok. The solution is either to optimize BOClean so that it doesn't call API calls unecessarily or to optimize ProcessGuard further.
     
  13. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If that were the case, it is hard for me to understand the results in the image below. I'd assume that this would yield a static machine/configuration/active process dependent spiking.

    For the image shown, I simply double clicked the tray icon to bring up the BOClean menu, and then immediately closed that menu. Obviously this doesn't just open and close the menu, a number of things get reset/checked, etc.. In the image shown, BOClean had been running all night on a freshly rebooted system. CPU utilization had been spiking to the ~30% level for BOClean and dropped to ~ 5% after the open/close operation.

    The same basic result is obtained if you simply shutdown BOClean, restart it, monitor for a short time, then open/close the BOClean menu. In that case, the spike dropped from ~ 10.5% immediately after the restart to ~5% after the open/close operation. In all cases, as mentioned above, the CPU utilization will start to drift up as time passes. On one of my other home machines - same basic set-up but without PG running - the BOClean spike is ~5% or lower and constant.

    Blue
     

    Attached Files:

  14. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    I'm seeing the exact same thing as BlueZannetti, the spikes drops from 23% to 2% if i open/close the menu.
     
    Last edited: Mar 3, 2005
  15. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Thanks for the graph Blue, definately seems like a problem with BOClean then, kind of weird in a way because it is like a "memory leak" for the CPU in a way. :)
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I guess the other reasonably important thing to add is that I don't see any impact on performance, so I'm quite far away from even contemplating making a choice between PG and BOClean. I'm also assuming that what we see here is real, and that there is not some background artifact at work skewing the results.

    I believe that users of both applications who are concerned about this should step back and base any decisions regarding actions to take on the current stability of there system (rock solid in my case) and subjective assessments of whether there is an observable system response impact (none in my case).

    Blue
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I considered an actual memory leak, but I don't see any direct evidence of a leak with the application. But I know what you mean, a memory leak in the sense that it would seem to be surveying RAM that should no longer be scanned - or something like that.

    Blue
     
  18. FanJ

    FanJ Guest

    On my W98SE machine (of course I cannot run PG there) the CPU usage by BOClean is very low, as I see it in TaskInfo.
    Indeed when I open the BOClean menu (its icon goes red then) and close its menu again, then its usage rises for a little while very high during the time BOClean checks memory. After that it is normal again.
    My machine: P 3, 600 mhz, 512 MB RAM.

    Is there any other pattern to discover on the machines of those who see that high usage?
    Like for example any other security program?
    Like for example NOD32:
    I myself have excluded the BOClean files/directory in NOD32-AMON.
    As for the files: bocsec.exe , boc412.exe , BOC412.XVU
    Those files and folders are there both in long file names and in short file names.
    And NOD32KUI and NOD32KRN are excluded in BOClean.


    PS: was the new BOClean freshly installed after uninstalling the previous one?
    I don't know whether that makes a different.

    Well, only wild guesses...
     
  19. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Disabling PG from the tray icon has the same effect. When I reenable PG, BOClean's spikes return to the previous level. In terms of system performance, there is no noticeable impact and I have never considered disabling either app.

    Nick
     

    Attached Files:

  20. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Nick, what you and Blue are showing are 2 different performance problems. The one you show is how PG affects performance by controlling the flow of BOCleans API calls, this could possibly be improved in BOClean to use less api calls (not quite sure how it is designed but it most likely could be improved). What Blue is showing is a sign of another issue when BOClean has been left running for a long while and CPU usage increases out of control only with ProcessGuard on the system. Both things should be looked into I think.
     
  21. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Recent correspondence from Kevin on this matter suggests BOClean should not be using more than single figure CPU % when the machine is quiet. I am experiencing 50-70% when the machine is quiet and while opening and closing BOClean's menu has a quiescent effect on CPU activity, this is superficial and temporary on my machine, bringing a brief relief before excessive CPU activty is resumed. And yes, this was a clean install after unistalling 4.11
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Thanks for the clarification :). I see the distinction now.

    Nick
     
  23. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    I also have the same problem with Boclean taking up to 80% of my CPU at almost 10 secondso_O I have PG too...

    Look at my screenshot of Boclean CPU usageo_O


    Atomas31
     

    Attached Files:

  24. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Any remedies to the problem besides opening and closing BOCLEAN? Has anybody heard if BOCLEAN has addressed the issue?
     
  25. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I am not aware of any remedy at present, other than not running BOClean or disabling PG. I have been corresponding with Kevin about this and he is fully aware of the problem, although only a handful have communicated it to him. Last I heard he was having difficulties reproducing the problem.
     
Thread Status:
Not open for further replies.