Everything posted by JeremyNicoll

  1. Terminating and restarting a2start did bring back the logs display.
  2. It's not just the spikes though, cpu usage is still growing. I'm seeing lows of 0.56-0.62 now and highs of around 0.81-0.83 ... though am just going to terminate and restart a2start to see if that fixes the logging issue.
  3. Or (unless TM under Win 10 is a lot better than it is under Win 8.1) use Process Hacker where you can also filter the display to show, say, only tasks with "Emsi" in their command lines/parms.
  4. @Frank H Before I try terminating and restarting a2start ... I've been looking at something else. I turned self-protection off then copied the logs.db3 file elsewhere. Using sqlite3 I used ".dump" to create a readable text file version of the log. Looking at the unix epoch date stamp values for entries being added to the ForensicLogs table, it's clear that logging is working ok - there's up-to-date stuff being written into the log database itself.
  5. Opening that dropdown and toggling to Actions rather than Components, then closing the choice and waiting a while makes no difference, likewise reverting to the All components selection. I did earlier have debug logging on (as I normally do all the time) but turned that off when Arthur asked if that affected the weird cpu use. I've no idea if the (non-debug) log had any contents before that.
  6. Win 8.1 64 bit. The logs display is completely empty. (I have 'all components' set, and the filter field has no contents, not even spaces.)
  7. And here, I'm now seeing patterns like 0.24 0.44 0.45 0.24 0.45 0.45 0.24 ... and less often, peaks of around 1.4%.
  8. I see from the video that you have File Guard set to Paranoid. I have mine set to Thorough... and have found various instances of EAM doing things in ways I do not find intuitive. All the normal explanations you get given here assume you have FG set to Default - which is its least sensitive setting. My impression is that on Thorough, and I'm sure, Paranoid, different bits of EAM act in a sequence that certainly doesn't make sense to me, and neither bit seems to be able to co-operate with the other part. You're probably seeing a FG detection based on scanning the file before it runs, plus a Behaviour Blocker one after it starts to run. Or something.
  9. I've just posted in the main forum thread (because 'normal' users who don't use betas were recommended to try it) about a2start cpu (on my Win 8.1 system), where I said: -------------------------------------------------------- My initial impression regarding a2start cpu behaviour has changed, but maybe isn't right. I thought that last night after the dynamic install of the beta, and this morning I have done a full shutdown and cold boot. (Using 64bit Win 8.1 with a 4-core 8-cpu machine). Previously when a2start was behaving, its cpu use would typically be a steady 0.11 or 0.12%. When I first logged-in after the reboot today, a2start was showing changing cpu use, on what seems (PH-wise) to be a 3-second cycle, that is I'd see over a 3-second period values like 0.09 0.23 0.22 (ie 0.09 then a second later 0.23 then a second later 0.22 then a second later it'd go back to 0.09 and that would repeat). By about 25 minutes later, there's been a slight increase. The low figure is typically 0.10 or 0.11 and the higher ones 0.27-0.30. There's still a 3-second pattern. Also: this happens even when debug-logging (which I normally always have on) is turned off. Lows now are 0.12-0.13 and highs around 0.32-0.34 ... and I've seen a tiny handful of higher values too (between 0.4 and 0.5). --------------------------------------------------------
  10. > Out of curiosity, does it do this with debug logging off as well? Yes.
  11. Oh no! Now I'm feeling, err, sheepish.
  12. My initial impression regarding a2start cpu behaviour has changed, but maybe isn't right. I thought that last night after the dynamic install of the beta, and this morning I have done a full shutdown and cold boot. (Using 64bit Win 8.1 with a 4-core 8-cpu machine). Previously when a2start was behaving, its cpu use would typically be a steady 0.11 or 0.12%. When I first logged-in after the reboot today, a2start was showing changing cpu use, on what seems (PH-wise) to be a 3-second cycle, that is I'd see over a 3-second period values like 0.09 0.23 0.22 (ie 0.09 then a second later 0.23 then a second later 0.22 then a second later it'd go back to 0.09 and that would repeat). By about 25 minutes later, there's been a slight increase. The low figure is typically 0.10 or 0.11 and the higher ones 0.27-0.30. There's still a 3-second pattern.
  13. Joining in... (except stapp seems to have software that's 20% better than what I have... with a 6-digit beta version number, I only got 5 in mine - maybe a tantrum is needed: I WNAT ANTHOER DGIIT!! WAAAHHH!!)... I have a different problem. I did a full/cold shutdown and reboot, and now - on my Win 8.1 64bit system - the systray action centre flag has a big red cross on it and Windows is telling me that both Windows Defender and the installed antispyware/malware app are turned off.
  14. Excellent. I look forward to finding out if it really is!
  15. @GT500 said: You will also need to disable self-protection in EAM's advanced settings before it will be possible to terminate a2start.exe this way. Are you sure? Self-protection is on, here, but I terminate a2start several times a day (using Process Hacker's Terminate, rather than TM's End Task) with no difficulty.
  16. @Jason F - in your screenshot, is CPU use the second column from the right? (Column layout is up to you - they can be reordered - and that means I can't tell.) Because if it is, you're showing a2start (which runs the GUI) using 4% cpu. And - as @GT500 pointed out above, that means one core is running flat out on a2start. It should be using much much less. As well as the known problem when a2service sometimes uses far too much cpu, there's a related (maybe) problem where a2start uses far too much cpu. That's discussed in the thread: https://support.emsisoft.com/topic/32777-high-cpu-usage-from-a2start-and-commservice/ EAM works fine with a2start stopped - you should be able to right-click it in Task Manager and choose to End Task. (Though that will need you to run Task Manager under Admin auth.) If and when you later click the systray icon to access the GUI, a2start will be restarted.
  17. If you have a Dropbox (as I do) or similar account with another cloud storage provider you could upload it there and send GT500 a personal message (hover over his avatar to see the option) telling him the URL. That's how I normally do this. I also ask Emsi to let me know when they've grabbed it so I can delete the file from my Dropbox.
  18. In 2019 when I renewed my licence, there was an entry in EAM's log that said: A notification message "Your license has been extended by 365 days. The new expiry date is in 395 days." has been shown" This year, there's nothing in the log about the licence changing ... though it's clear from elsewhere in the GUI (the auto-renewal thing being turned back on and the expiry date no longer being visible, not even in a tooltip) that it has done. Why no log entry?
  19. Have you made sure that any BB rules for the programs you were testing, were deleted before each test?
  20. Did you read: https://help.emsisoft.com/en/2270/advanced-settings/ ? I think it only matters for programs that appear to be doing something odd. When EAM might at first think that they are malware, it will look online (if you have also chosen "Look up reputation of programs"). Then, if the online system thinks the program is ok, it will allow it if you have also set "Automatically allow...". So, when you tested to see if there's a difference, were you running a program that tried to do something suspicious? Was that program one that EAM (or you) hadn't already created a rule for? Do you have "Look up reputation..." set?
  21. Why? Might be if your version of Chrome runs any plugins or extensions that go looking for things. However, I looked in the Google Chrome Help forum for references to this "Continue running..." option and found some people who have the option turned off still have google tasks running. Nobody who actually knows why Chrome does stuff answered any of the questions; answers were just guesses from other users. One example / guess I saw related to "Metro" / "Modern" apps ... suggesting that if you have any that eg use google to fetch news headlines and show them in tiles, that some of these tasks could be the fetchers that have to run all the time for that to work. I have no idea if that's actually the case.
  22. I have no GoogleUpdater running here (Win 8.1, using Firefox). But I do have a "GoogleCrashHandler" and a "GoogleCrashHandler64" both of which were started by a parent process that's no longer running - probably an instance of Google Chrome. They were started a couple of weeks ago; one has used no cpu time and the other less than a quarter of a second's cpu time - which is fair enough if they just start and wait for something. @andrewek - you say one machine doesn't have the updater running; have you looked at every page of options in Google Chrome on both systems to see if they are set up the same way? Who starts them? Dunno. Have you searched the registry for entries naming these programs? Have you looked in the event logs for audit records showing them being started (only possible if you have process creation auditing turned on)? If you go into Chrome (and it itself is up to date) what about the things listed at (URL) chrome://components - you should be able to ask Chrome to (try to) update each of those. If you do, do they actually get updated, or say they're up to date? Maybe although the main part of Chrome is up to date one of those smaller bits is not, and it keeps trying to update and fails for some reason?
  23. @MJmusicguy - when the OS dumps, it has to write a copy of everything in the in-use memory, to disk. It's not safe on a system that's hurt to use usual files for that (the file system may be in a mess because of whatever has gone wrong) so the OS instead writes the info to the pagefile (which is a private file only ever used by the OS). When the OS is rebooted the dump data inside the pagefile is then copied out and put into C:\WINDOWS\MEMORY.DMP. It follows that the pagefile needs to be big enough to hold a LOT of data. You maybe don't normally have a very large pagefile, but to allow this dump process to work you'll have to make a big one. On the webpage about pagefile changes, do you see the screenshot at "F" in section 6? Follow the instructions to get to the same place on your system and screenshot it or make notes of what it says - how many drives, what sort of pagefiles any of them have, and tell us what the values are. Don't change anything for now, just Cancel out of that pane.
  24. > Keep in mind that Microsoft already implemented such a feature... But don't users have to turn it on? Security-minded users might well do so, but those who couldn't care less, or are non-technical, or think it won't happen to them, won't do. Tell me, can Win 10 users enable Controlled Folder Access and also use EAM? Or is CFA only possible if you use Defender's a/v capabilities instead of EAM? (I would very much like to have CFA, not just for protection against ransomware etc, but also programming accidents (ie situations I hadn't properly thought through in my own code) and mistakes made using unfamiliar products. As far as I can tell CFA is a pretty crude system, with folders being protected or not - whereas it's even better if you can dictate which processes can access particular folders. CFA - as far as I know - does allow you to grant access to all allowed folders, per program, but that's a bit unsubtle. There's no reason why - say - my favourite graphics utility should be able to update system folders; it'd be far better if it could be set up only to be able to update the folders where I kept the project I was working on.)