Webroot Spikes CPU (dramatically)

Discussion in 'Prevx Releases' started by DoctorPC, Feb 19, 2014.

Thread Status:
Not open for further replies.
  1. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    So I installed Webroot on a test machine - again today. Immediately I can tell you it has issues with spiking the CPU. Test machine is a quad core 3.2ghz, 8GB DDR4 machine running a clean Windows 8.1 install.. Avira+Mbam(Chica)+Admuncher running on it. However I uninstalled everything but WSA, and the spikes are identical.

    For testing I launched various applications, and found Webroot spiking CPU as high as 40-45% in some cases, rarely less than 30%.

    For example in this shot you can see, Webroot spiked at 30% while Chica(Mbam) is at 5.5%, and Avira a paltry 1.7%. In my view, anything over 10% is unacceptable - for any application. Note that Windows 8.1 continuously flags Webroot as a 'resource hog' if you note the color changes, Webroot descends into orange warning area.

    Edit: The spiking happens during application load. In this case it is a fresh load of Opera. When Webroot is uninstalled, application load speed improves by roughly 58%. Which potentially may be caused by the CPU spikes from Webroot. I've tried Webroot on default settings, then trimmed it down to ONLY the malware protection, same result. I've also trimmed settings down to scan on application launch only, same issue. I can duplicate this on multiple machines if necessary.
     

    Attached Files:

    Last edited: Feb 19, 2014
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Well this from my Win 8.1 Pro x64 VM.

    0% CPU and very low Memory!

    2014-02-19_14-15-20.png

    And from my Win 7 x64 host i7 CPU 16GB of 1333Mhz RAM on SSD's.

    0% CPU and very low Memory!

    2014-02-19_14-08-46.png

    TH
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you see if a scan is taking place in the background (by right clicking on the tray icon?)

    And, can you send a scan log to my username at gmail.com so that I can take a look at what else WSA was doing?

    Thanks!
     
  4. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    My god... If you want to offer any kind of support then at least follow my instructions to replicate the issue. I clearly said;

    The spiking happens during application load. Based on your screenshot, you are not launching any application.

    Webroot is doing nothing in the background, and I waited until it was 'fully' settled down, consuming no processor time or resources..
     
    Last edited: Feb 19, 2014
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    As far as I've seen, you've been offered EVERY kind of support, and haven't even bothered to comply with simple request(s) to provide a scan log...yeah, great co-operation from you...and now 'shouting'!

    The support from these guys is the best in the business, make no mistake.
     
  6. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    From what I have determined the identity protection module is reacting to some programs, in this specific case - Opera.

    Disabling IP/Phishing protection doesn't fix the issue. Changing Opera to be ALLOW or DENY within the IP module program setting fixes the issue, the CPU spikes generally go away.

    Any clue as to why that would be the case?
     
  7. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    409
    Location:
    USA--Colorado
    I have to totally agree with you Dermot! All I've seen in several different threads are attempts to demean and complain about WSA. I've seen little desire to learn or work with the WSA support team.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't know, but as for everything else which I've requested, a log would be the absolute first place to start.
     
  9. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Alternatively, what about installing opera on a test machine there, and attaching various websites to the speed dial, and observing?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I use Opera myself on production and dev machines and haven't ever experienced any CPU spikes.
     
  11. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i use opera myself both the new version and old one (12) and i see no spiking from it. doesnt solve my typing issue with a couple clients but i have to get back to those places to get a log file ive been down for the last week and may have to have surgery so im working on it.
     
  12. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I need to put this on an isolated test machine before I can submit logs. I don't submit, or even keep logs on the personal machines here. I also don't send emails to Gmail/Hotmail/Yahoomail. So there are a few reasons why I haven't submitted logs, I just didn't want to go into it.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Wasn't it already on a test machine? o_O
    No offense intended but sounds like tilting at windmills :D
     
  14. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I knew this would come up, which is why I said 'isolated' test machine. IE one not connected to my personal network, one that hasn't connected to it, and in general one I can guarantee doesn't store anything personal. (hence - isolated)

    So yeah, while I was testing it on a test machine, that machine was still on my home network, interacting with software/hardware on that network, etc. It would also have information on my layered protection, and potentially methods of encryption... In general - not isolated, but testing sure. Testing machine is for me to test. Isolated is for me to test for someone else, or some other company, or to help find issues such as this WSA one.
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Well, then looking forward to see this evolving into isolation and finally seeing the birth of a txt file. :)

    Btw, its not so complicated as you picture it and log manly contains a list of executables. The log is in clear text and if you are familiar with computing (sounds like you are?) you just need to inspect the log and remove whatever its for you not appropriate (e.g. user name). At least this way results will closer to a real environment.
     
  16. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I'm well aware of what is in WR logs, as well as the hundreds of other logs on a Windows machine. Some of us are paid to know this stuff, others (majority?) on this forum aren't. That's actually why I need to make sure it's on an isolated machine, with just the basics required to try and find the problem. However at this point I am involved in some other projects and cannot devote time to debugging a product. Gmail is a non-starter though, I don't respond to Gmail accounts, much less send logs or security related text through it. I'm not trying to be difficult though, I just don't send off logs to random unsecured emails. Maybe it's the HIPAA compliance engineer in me.

    Heck I just finished fixing Avira slowing boot times by about 300%, apparently a common problem with Avira that nobody has been able to solve. Now I need to submit my results to Avira forums so people know how to solve this issue. I really should be hired by these companies to solve their issues, as I waste far too much time on them.. :doubt:

    For now, WSA is a non-starter here until some serious issues are resolved, up to and including the inability to type into a browser bug others have reported that crops up randomly.
     
    Last edited: Feb 20, 2014
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Ehm... I see... lol
     
  18. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    768
    Location:
    "Here on Wilders"
    Is the Webroot Log Utility link secure and does it contain all your scans? (Just asking)
    Webroot Utility Logs.JPG
     
    Last edited: Feb 20, 2014
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I agree, about Google. Joe, should have a Webroot e-mail address, that we can send requested logs to. I will not be sending any logs to a Google address, any more, if requested in future.

    Can't trust Google!
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I do have a Webroot email address (and a Prevx one) which I'm happy to supply by PM. I just don't want them scraped by spam bots :)
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Please PM me, at your leisure! ...with address details, for use in future. ;)
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Hey Presto! That was quick...Thanks:thumb:
     
  23. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Whilst Gmail has some spam filtering, it's fair to say by publicising that address, it too could be "scraped by spam bots".

    Webroot being a security company should be able to deal with spam at the server level though. I do, however, understand where you're coming from and agree requests by PM is the better approach.
     
  24. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I actually no longer send emails to any Gmail, Hotmail/MSmail, Apple, Yahoo, Aol accounts of any kind. If I get emails from them they aren't responded to any longer. If more people did this we'd send a message, and frankly - it's pretty silly anyone is still using these companies for this. (no offense)

    In HIPAA compliance audits I find doctors using Gmail and Yahoo to send confidential patient records, even Xrays, and test results. This is ludicrous, and can result in fines, as well as civil lawsuits but most of these doctors are clueless about actual regulations/compliance, many don't care - frankly. Once audited, it's suddenly a big issue - and we get the panic calls. But don't people read the news stories? Why are they using these services?
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Btw, as far as I can see, as of September 2013 Gmail is HIPAA compliant, the same will be soon or already it is for hotmail (now outlook.com). Actually, its not rare that some email providers provide much less security that those mentioned. :)
     
Thread Status:
Not open for further replies.