JeremyNicoll

EIS 12 - virtual memory use climbing fast

Recommended Posts

This looks just like the issue discussed at length in problem  http://support.emsisoft.com/topic/20057-possible-virtual-memory-problem-with-a2serviceexe/  - which did more or less clear up at some point in the last months, though sometimes seemed to come back for a few days.

 

Right now, I've had to reboot my W8.1 machine twice in the last two hours or so, because each time  Windows'  Task Manager has shown   a2service.exe  having  Commit Size values which climb and climb.   Right now, on this  machine with 8 GB of real RAM, plus some paging space,  that Commit Size is > 9.5 GB.  It's only taken about 30-40 minutes to climb that high.   IIRC when things are working 'normally' the value is somewhere between 0.5 and 1 GB and is stable.

Share this post


Link to post
Share on other sites

I meant to say: this machine has barely been on in the last few days so hasn't had an earlier opportunity to show EIS 12 problems.  Some of tonight's reboots have been prompted by Windows' error box saying machine is about to run out of memory.  I've also had Firefox (about the only program of note that is running) crash at times that Task Manager shows memory use is more than 90% of the available VS total.   In last few mins a2service.exe just did an update, I think, and its Commit Size is now 9,849,820 K ... it's ridiculous.

Share this post


Link to post
Share on other sites

... machine has had a full shutdown and cold reboot since my first posts... and Commit Size - which was briefly around 500-600 MB has climbed steadily since then; it shot way up during that signatures update and did not come down again.

Share this post


Link to post
Share on other sites

Unlike the previous problem, this one doesn't seem to implicate the paged or non-paged pool.   Nor is a2service's working set ever large.    It's simply that the commit size grows rapidly, always eventually causong Windows to tell me to shut programmes immediately - which is when I reboot.   Starting Firefox (which was at v49.0.1 yesterday but is now v49.0.2) immediately increases commit size markedly.  

 

Using SysInternals' VMmap suggests the committed VS is all in a2service's use of 'private data' (ie not stack or mapped files, or heap storage etc) and that same classification of storage use (private data) has only a WS or about 70 MB.  This looks to me like a virtual storage memory leak. 

Share this post


Link to post
Share on other sites

Most times when I open a new tab in Firefox, a2service's commit size goes up.  The commit size never comes down.  If I shut & reopen Firefox, commit size goes up - sometimes by as little as a few tens of MB, sometimes by several hundred MB.  If I shut & reopen FF several times it gets worse and worse.  In these experiments I've typically only got a maximum of 6 tabs open.  When I open a new tab, I almost always do so pointing at a simple page - Google's advanced search, namely: https://www.google.co.uk/advanced_search?hl=en   - the most recent open of that increased a2service's commit size by 60 MB.   Any time I open a tab for a website that's even moderately complex, commit size goes up a lot more... and continues to go up as I explore that website.  And, closing tabs doesn't bring it down again.   

 

I don't run any non-standard extensions in FF.  Flash is set so FF will always ask me if it should be activated... and usually I'm not browsing pages that use Flash anyway.

Share this post


Link to post
Share on other sites

Our developers are aware that there might be a memory leak issue, however they have not been able to reproduce it in testing. Would it be possible to send us debug logs? The process should be the same on EIS 12. Here's the instructions for reference:

  • Open Emsisoft Internet Security from the icon on your desktop.
  • In the 4 little gray boxes at the bottom, move your mouse into the one that says Support, and click anywhere in that gray box.
  • At the bottom, turn on the option that says Enable advanced debug logging.
  • Either click on Overview in the menu at the top, or close the Emsisoft Internet Security window.
  • Reproduce the issue you are having (wait until the memory usage is obviously too high).
  • Once you have reproduced the issue, open Emsisoft Internet Security again, and click on the gray box for Support again.
  • Click on the button that says Send an email.
  • Select the logs in the left that show today's dates.
  • Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
  • If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
  • Click on Send now at the bottom once you are ready to send the logs.
Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.

Please note that if you have a lot of debugs logs, then you should not send all of them. There is a size limit, and currently there is no error if the message is rejected due to the size being too large. Normally we only need one copy of the 4 or 5 different logs that have been saved after the time you reproduced the issue (the list shows what time each log was saved). Those logs have the following names:

  • Security Center
  • Protection Service
  • Real-Time Protection
  • Firewall
  • Logs database (contains the logs you can view in Emsisoft Internet Security by clicking on Logs at the top of the window).

Share this post


Link to post
Share on other sites

I'll try to generate some useful debug logs, maybe tomorrow if I have the energy/enthusiasm.  Tonight I notice that, using IE11 for browsing - which previously I'd thought was immune from the problem of making a2service's commit size climb rapidly - a2service.exe's commit size has become 1,049,984 K.   I had though had maybe 30 tabs open in IE at one point (of lots of issues on your website so not complex pages).  After the tabs were shut the Commit Size did not come down...  Hmm, it's up to 1,478,752 K now, when my use of IE11 has become much simpler - so maybe that's not relevant.

 

I was going to paste in the version of EIS12 I'm running.  Even after wasting ages trying to find the missing About box, and eventually finding the About display in wildly unintuitive place (this info has to be somewhere obvious if you expect people to quote the value to you!) I find that the value: "12.0.0.6844" cannot be highlighted and copy/pasted.  I'm certain I've complained about this in the past... yes.  In thread: http://support.emsisoft.com/topic/20033-automatic-updates-didnt-happen-for-several-days/      PLEASE tell the GUI designers that the look and feel of a GUI is not the whole story.  Essential information needs to be easy to find, and it really shouldn't be impossible to copy areas of text (from any part of the GUI) out elsewhere, whether it be for a user making notes about what they did, or for bug reporting.  

Share this post


Link to post
Share on other sites

I haven't been asked for any more debug information yet. If we can't reproduce it internally, then we may ask you to turn on Driver Verifier, however we will need to determine which driver is causing the issue first.

Share this post


Link to post
Share on other sites

What progress?  Has whoever's been looking at the logs learned anything?  Do they have plans to change anything?  Have they indeed started looking?  When will it be fixed?  This has been going on fro two weeks now, is amazingly annoying, and - by your own admission - was a problem you knew about before I hit it.  Come on!

Share this post


Link to post
Share on other sites

They just asked me for a memory dump. We can either get them a full memory dump from a BSoD, or we can get them a memory dump of a2service.exe. Either way, when the dump is saved the memory usage of a2service.exe needs to be abnormally higher than usual (we'll say a commit size of at least 4GB for the purposes of making it easy to know when to save the dump).

Since a memory dump of a2service.exe is much smaller and easier to send than a full memory dump from a BSoD, we can start with that. I recommend Process Hacker for saving the dump, although Process Explorer will work as well (it's a bit more complicated to create exclusions for). Also, be sure to add Process exclusions for the executable file from the tool you use, or there will be freezing issues when you try to save the dump. Here's instructions:

  • Open Emsisoft Anti-Malware.
  • Click on Settings in the menu at the top.
  • Click on Exclusions in the menu at the top.
  • To the right of the list to Exclude from scanning, click on the Add file button.
  • Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
  • To the right of the list to Exclude from monitoring, click on the Add file button.
  • Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
  • Close Emsisoft Anti-Malware.
Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen.

Since you're using a 64-bit edition of Windows, I'll assume you'll be using the 64-bit version of Process Hacker. The file you'll need to exclude is ...\processhacker-2.39-bin\x64\ProcessHacker.exe (the ... is where you extracted the Process Hacker files to when you downloaded them, and of course the folder name "processhacker-2.39-bin" can vary).

If using Process Explorer, then you'll need to run it, then look in your TEMP folder for a file named procexp64.exe and move it to your Desktop or somewhere else easy to remember, close Process Explorer, and then add exclusions for the procexp64.exe file.

Once you have the exclusions created, you should be ready to save the memory dump. Watch the memory usage of a2service.exe in Process Hacker or Process Explorer until the commit site exceeds 4GB, then simply right-click on it and select the option to create a dump.

Share this post


Link to post
Share on other sites

This is a rather interesting one, since the information about what had allocated the memory is not in the dump. The developer who looked at the dump doesn't think the issue is in the firewall engine, but he isn't able to confirm that from the information that was in the dump. If I'm asked for any more debugging information, then I'll let you know. Otherwise, our developers will do what they can to find the cause of the issue.

Share this post


Link to post
Share on other sites

Thanks for the update.  At this instant, a2service has a CS of a bit over 1.2 GB, I ran SysInternals' VMmap to see if that gives any clues.  Obviously wherever the problem is, it's heap data (though I guess that won't help you much)... and VMmap does show ID values - mostly 5 or 6 - on those - do those numbers mean anything to your developers?  VMmap has an option to export a text file listing details about each block, though.   

 

VMmap display looks like: https://www.dropbox.com/s/b1k97pwtdfq7fnk/20161022%202055%2010%20VMmap%20%2820161122%20a2service%29%20VMmap.jpg?dl=0

 

I'll PM the exported file to GT500.  If you want me to recreate a much worse scenario and - say - a new dump and the info from VMmap, let me know.  But there's not much point unless the exported VMmap data might provide useful hints.

Share this post


Link to post
Share on other sites

This problem is still with me.  I'm using IE11 (rather than my preferred Firefox) which certainly makes it less of an issue, but whenever I accidentally or intentionally start FF another chunk of virtual memory goes AWOL.  Has anyone made any progress?

Share this post


Link to post
Share on other sites

... Has anyone made any progress?

I've been told that new debug log output has been added in the last stable release of EIS to help identify this issue. I think one or two other users have already sent us logs, however if you would like to send some as well then feel free to do so. I recommend enabling debug logging, restarting the computer by right-clicking on the Start button and going to "Shut down or sign out", and then trying to reproduce the issue and sending the logs like normal. Be sure to paste the link to this forum topic in the message when you send the logs, so that they get forwarded to me.

Share this post


Link to post
Share on other sites

I read this threat and i don't know if it 's te same, but when EIS 12 is updating it selves , i can't do a thing with my laptop.

If the update is ready i can use the laptop futher.

 

For example , microsoft word hang,  internet hang, when IE 12  is updating.

Share this post


Link to post
Share on other sites

This problem is still with me.  I'm using IE11 (rather than my preferred Firefox) which certainly makes it less of an issue, but whenever I accidentally or intentionally start FF another chunk of virtual memory goes AWOL.  Has anyone made any progress?

 

You might try Opera.   I've been a long time FF user, and lately I just had it with FF, to many issues.   Opera is proving very smooth and I am not looking back

Share this post


Link to post
Share on other sites

You might try Opera.   I've been a long time FF user, and lately I just had it with FF, to many issues.   Opera is proving very smooth and I am not looking back

Opera Software is in the process of being purchased by a Chinese company, and since Chinese browser makers have been caught secretly collecting data on the users of their browsers it's possible that as development of the browser is taken over by the Chinese company it may no longer be as safe as it once was.

The co-founder and original CEO of Opera Software founded an alternative browser project (also based on Chromium) called Vivaldi if you'd like to try something different than Firefox that's still fairly modern, and works with modern extensions (you can install pretty much anything from the Google Chrome extensions site). I have uBlock Origin, LastPass, and a few other extensions installed and they all work fine even though Vivaldi has its own UI (written in JavaScript/HTML/CSS I would believe) and a host of custom features that Chromium doesn't have. They also have frequent snapshots of new testing versions that you can install if you like to test new features.

Share this post


Link to post
Share on other sites

Poor health (as usual) has kept me away from all computer stuff since I last posted.  I really don't know if I'll have a chance to try the beta in the next few days.    

Share this post


Link to post
Share on other sites

On second thoughts... I turned on Beta updates, did an immediate update, then - just for a cleaner environment - did a full / cold shutdown and reboot.  So far it's looking fantastic!  Virtual memory use is not climbing at all.

 

Share this post


Link to post
Share on other sites

I think they ended up finding that it was in the firewall core, however our developers have not told me anything specific about it.

Share this post


Link to post
Share on other sites

OK; are the extra diagnostics that were added to the code being left in place so that in future, if something like this happens again, it will be easier for you to tell from logs that the problem has returned?

Share this post


Link to post
Share on other sites

As far as I know, the debugging code is being left in place. Whether or not such code gets removed depends on its impact on the software in general, and whether or not it could be useful for future debugging.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.