Remark about Zone Alarm 4.5.538

Discussion in 'other firewalls' started by stalker, Jan 21, 2004.

Thread Status:
Not open for further replies.
  1. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    Hello ...



    I noticed, that True Vector Service engine (or better - one certain thread of True Vector Service with priority 15 = high + 1 priority), which is bundled with the newest Zone Alarm 4.5.530 version consumes great amount of CPU, on Windows XP, I see also, that it consumes mostly CPU in Kernell mode constantly around 5 %, but sometimes up to 20 %, or even more !!

    The thing is that True Vector Service, from previous version Zone Alarm 3.7.211 - was at 0 % CPU all the time (and with CPU I mean LTCPU - Long Time Avereging CPU, which is calculated within Task Info 2003 program I am using to monitor system peformance) ...

    - I noticed also that it jumps to 30-35 % CPU, or even more, if I watch some picture in image viewer (Irfan View), and right-away, after I jump back to some other program True Vector Service CPU graph falls back to 5-10 % CPU (and hardly ever to 0, or 1 % CPU).


    As I remember there was no such behaviour in previous version of Zone Alarm - meaning, I even made some screenshots with previous version, when I compared how much RAM, CPU, GDI/User Objects, Windows Opened, Threads, Handles, etc. consumes Zone Alarm compare to Norton Firewall, so I was making those screenshots with the same Irfan View image viewer, so the same image viewer program was opened as today, when I noticed how much CPU consumes True Vector Service when running beside Irfan View, but on that screenshots (from old Zone Alarm) True Vector Service CPU usage was, as mentioned above 0 % !!

    - So when I had old Zone Alarm installed, the same program Irfan View was opened beside, but True Vector Service CPU was always 0 %, when I was viewing some image file, making screenshots, or even listen to mp3's with that very same Irfan View image viewer ... compare to now using new True Vector Service engine, when its around 5 % in Kernell mode constantly and so it becomes the most consuming CPU (Long Time Avereging) service on my computer, it consumes even more than explorer.exe !!


    The CPU consuming thread info:
    Thread ID: 1960
    Base/Dinamic Priority: 15/15 ... which is equal as high +1

    - 13 other threads has priority: 8/8 ... which is equal as normal
    - 1 thread has priority: 7/7 ... which is equally as normal -1 (not sure for this one if it is really equal exactly to normal - 1)
    - 1 thread has priority: 1/1 ... which is equally as Idle -1 (not sure for this one either)




    So, do you have any suggestions, for example which feauture to uncheck or something to minimize kernell CPU usage, etc.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    No, I don't think any settings inside the product will change what you are experiencing now. You see, obviously the product is not designed to work that way. No vendor in their right mind would sell a software firewall that continuously consumes all that processor time because no one would ever buy it.

    So, it has to be more along the lines of a conflict on your system, a bad installation or a corrupt true vector database. Can you tell us how you put the new version on your system? Was it a fresh installation or an upgrade? Have you tried rebuilding the management database? Have you tried uninstalling, cleaning and reinstalling?

    Since there are a lot of people who are using the new version without that specific problem, the above might be the best approach for you to diagnose the problem.

    Let me tell you what happened on my system on Monday - ZAP 4.0 on Windows XP. I was online and flipped over to Notepad and suddenly saw CPU spikes in a monitor I have in the systray. So, I started flipping window to window, checked task manager and it was vsmon.exe spiking. I had never had that happen before and I've used ZAP for a long time. I figured I'd reboot because I had done some intensive things and figured maybe it was a paging or other virtual memory or resource problem. But, it came right back again.

    Being a long time user I figured I'd refresh the true vector database. So, as I started that I noticed something really odd. The debug logging file in the \Internet Logs\ folder (tvDebug.log) was over 24,000KB in size. I continued on removing the current files, restarting ZAP and reloading my stored configuration from its XML backup file and everything went back to normal.

    Now, I should have suspected something was wrong the day before because I had just installed a small local proxy (which listens on 127.0.0.1 on TCP port 80) and ZAP did not add it to the programs list. At the time I figured maybe that program just didn't access the network deep enough for ZAP to see it. But, right after the refresh of ZAP and rebooting, that was the first new program ZAP saw.

    Obviously something happened in this last week that corrupted my ZAP database and it wasn't until I saw the CPU spikes that I suspected anything. (It should be noted that ZAP was still handling incoming firewall alerts fine. I check fairly often and do have the tray alerts symbol enabled.)

    I relate this story just because true vector database corruption does still happen and from time to time it may be necessary to rebuild the database. With the configuration backup facility that came into ZAP starting in the v4 releases, it's fairly easy to do this. You should give it a try.
     
  3. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia

    Hi, thanks for your fast and realistic answer. I think I haven't any real conflicts on my system, which could cause that, cause, I am let say amateur-expert especially for Windows (beside basic program languages knowledge), and I am pretty aware of how conflicts look, how it would show in PC behaviour, other resources consumption, etc. So exept this CPU consuming, there are no other problems.

    I would emphasise this again - it is happening only when using some specific program (in case of Irfan View - CPU jumps to 35%, in case of DU Meter - CPU jumps to 15 %, normally is 5 % average all the time, though in previous versions 0 % average) as "Front application". Meaning, as soon switch to another program (as front), CPU drops instantly ...

    I uninstall previous, 3.7.211 version (rebooted, deleted all data in registry, etc., rebooted again), and freshly install new one, 4.5.530.



    Thanks for help & tip
     
Thread Status:
Not open for further replies.