JeremyNicoll

EIS custom scan took 3.6 times as long as previous time to run

Recommended Posts

I know you know this issue exists for EAM on W7x64 systems, but it's here (EIS) too.  My OS is W8.1 x64

 

Last time I did a custom scan, of the whole machine, excluding contents of zips etc that took 54 minutes:

 

Emsisoft Internet Security - Version 12.0.1.6859
Last update: 11/11/2016 09:57:23

Objects: Rootkits, Memory, Traces, C:\                                   
Detect PUPs: On                       
Scan archives: Off        
ADS Scan: On                          
File extension filter: Off    
Direct disk access: Off                                      
Scan start:     11/11/2016 10:13:47                                      
Scanned 516954                        
Found   0                                                                 
Scan end:       11/11/2016 11:07:52   
Scan time:                  0:54:05  

 

 

 

Today, 196 minutes:

 

Emsisoft Internet Security - Version 12.1.0.6970
Last update: 07/12/2016 09:51:12

Objects: Rootkits, Memory, Traces, C                                 
Detect PUPs: On                    
Scan archives: Off              
ADS Scan: On                       
File extension filter: Off      
Direct disk access: Off                                    
Scan start:     07/12/2016 10:17:40                              
Scanned 513353                     
Found   0                                                      
Scan end:       07/12/2016 13:34:08
Scan time:      3:16:28            

 

 

The laptop has a 4-core processor (so 8 cpu threads).   For the November scan I left the machine completely alone as it worked, though for today's one, I did some reading of email in a webmail system for the first hour or so of the scan.

 

 

Share this post


Link to post
Share on other sites

Do you have Process Hacker on the computer in question? If so, then while the scan is running in EAM, open Process Hacker and find a2service.exe in the list. Right-click on it, and select Properties. Switch to the Threads tab. What does the CPU usage of the threads look like while scanning? Is there one thread that appears to be doing most of the work, and the rest are barely using any CPU time (that's what the issue looks like on Windows 7 x64)?

Share this post


Link to post
Share on other sites

I started another scan and once it had got to the files part started PH (elevated).  At that point the threads display showed one thread at 12.5% cpu (which I presume meant one core frantically busy) when the other threads were all well less than 1%, often less than 0.1%.   But after maybe a minute that extreme difference levelled off a bit.  But even so that particular thread (TID) is top of the list (sorted by CPU) almost every time the display updates.  It's then typically showing values from 2 to 6 % cpu, while most of the ones immediately below are typically about 1/3 to 1/10 of that value.

 

It's one of 9 threads with start address:   a2engine.dll!InstallDdaDriver+0x2a620

 

I sat and watched this for quite a while - it's almost as good as TV!   Occasionally one of the other (9) like threads dominated the list, again sometimes with cpu figures as high as 6 - 12%, and then all the others would again have tiny values.    I stopped the scan after 18 minutes of excitement.
 

Share this post


Link to post
Share on other sites

That sounds pretty much exactly like the issue on Windows 7. Data being read from the drive by a2service.exe while scanning files should also be abnormally low.

Fortunately our developers know why it is happening, and should have a fix available soon. ;)

Share this post


Link to post
Share on other sites

Seeing reports elsewhere in the forum that this was fixed, I started a scan late last night when I'd finished using the machine.   Remember it took 54 minutes back in November, before getting worse?  Well, last night it was just 41 minutes, so I think we can safely say that's fixed!

 

Emsisoft Internet Security - Version 12.1.0.6970
Last update: 13/12/2016 02:22:19

Scan type:
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 13/12/2016 02:41:54

Scanned 511670
Found 0

Scan end: 13/12/2016 03:23:09
Scan time: 0:41:15

 

Share this post


Link to post
Share on other sites
6 hours ago, JeremyNicoll said:

Seeing reports elsewhere in the forum that this was fixed, I started a scan late last night when I'd finished using the machine.   Remember it took 54 minutes back in November, before getting worse?  Well, last night it was just 41 minutes, so I think we can safely say that's fixed!

Interesting. We've had no official releases since November 30th, and I think the Behavior Blocker is the only program component that can be updated without a program update being published.

Yesterday was Patch Tuesday though, so maybe a patch from Microsoft addressed the issue?

Edit: Ah, yes, I do remember Fabian talking about a signature update that could at least greatly lessen the impact of the issue. ;)

Share this post


Link to post
Share on other sites

It was the signature update that significantly sped up scanning. There is still a bug that can cause slow scans under certain circumstances, however for most people the signature update will be enough to keep the scan times down.

Note that the signature update did not reduce scanning/detection effectiveness.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.