Hi stapp, you are right: restarting the service now takes a bit more time to correctly load updated modules, e.g. the scan engine (a2engine).

Took even longer on Win 7.

Win 7 started updating as soon as I turned the laptop on; Win 10 (desktop) was already online for hours.

So, as I was on websites with Win 10 when EAM updated then stopped and re-started protection, was I unprotected for that time?

The long service start time only happens for this update to 2018.7.1.8839.

Usually it should restart within seconds. When it's OFF, the PC is unprotected, which always has been the case.

Thanks Frank, I was a bit concerned that the long service restart would be with every new build.

Normally as you say the service usually restarts quite quickly.

I will of course look at the timing of service restart for each new build :lol:

The delays are expected when you update from stable to beta.

When you get a new update on the beta feed, like today (we published a new .ini file that requires a program restart), service restart should take 5 sec or so.

If you could replicate this, I'd be interested in a2service debuglogs and a dump of a2service (when EAM is trying to restart).

During this restart period you will see 2 a2service processes in the taskmanager, which is expected. 
Pls add column 'Commandline' in the taskmanager (via context menu on a grid column header, select columns)
Pls create a dump of the one a2service that runs without the /restart parameter.

thanks

So you don't need the debug logs I have for this morning for Win 7?

Do I only put the command line column in at the time or can I do it now?

P.S. The command line column is added in a different way in Win 7.

We need debuglogs that correspond with the a2service processes that were active during the delays.

You can add the commandline column whenever you want.

cheers

4 minutes ago, Frank H said:

we need debuglogs that correspond with the a2service processes that were active during the delays.

No idea what you mean so I'll add these debug logs that were running at the time of the update this morning.

(unless you are meaning dumps which of course I don't have.)

a2service_20180807125038(3308).zip

As an example:

a2service_20180807143409(7864).log

This log contains logdata from a2service that ran or runs with process ID (PID) 7864.

That's what I meant ;)

So if we get a dump of a2service with PID 1234, I need logs of a2service_*(1234).log

Win 8.1, 64-bit

I looked back through my log for 'Protection st' (ie stopped/started message pairs) and found that whereas older stop/starts took 3-5 seconds, like Stapp's seen, recent ones have taken much longer.  In particular:

Emsisoft Anti-Malware Full 2018.7.1.8839 beta [en-us]
OS: Windows 8.1 (Version 6.3, Build 9600, 64-bit Edition)

Forensics log

Date                   Component    Action                Details
07/08/2018 00:10:14    Core         Protection started    Version 2018.7.1.8839.    33 secs
07/08/2018 00:09:41    Core         Protection stopped    Version 2018.7.1.8839.

06/08/2018 18:02:32    Core         Protection started    Version 2018.7.1.8839.    32 secs
06/08/2018 18:02:00    Core         Protection stopped    Version 2018.7.0.8824.

03/08/2018 13:48:36    Core         Protection started    Version 2018.7.0.8824.
03/08/2018 09:58:32    Core         Protection started    Version 2018.7.0.8824.

01/08/2018 18:48:53    Core         Protection started    Version 2018.7.0.8824.     4 secs
01/08/2018 18:48:49    Core         Protection stopped    Version 2018.7.0.8818.

30/07/2018 23:03:16    Core         Protection started    Version 2018.7.0.8818.     3 secs
30/07/2018 23:03:13    Core         Protection stopped    Version 2018.7.0.8818.

30/07/2018 22:02:18    Core         Protection started    Version 2018.7.0.8818.     5 secs
30/07/2018 22:02:13    Core         Protection stopped    Version 2018.7.0.8810.

29/07/2018 18:29:09    Core         Protection started    Version 2018.7.0.8810.

I've turned on debug logging so I have logs for future stop/starts. I use ProcessHacker, so seeing which instance of a2service.exe doesn't have a /restart parameter is easy. But to dump that, is it enough to choose 'Create dump file' from PH's Hacker menu? And, do I need to be running PH as the Administrator? Do I need to turn off EAM's self-protection? Does dumping a2service suspend it, dump it, and let it continue running or does it terminate it as well? Will I need to do anything special after a dump is taken?

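The stop/start comparison in the post above can be automated. The following is an added example, not part of the thread and not Emsisoft code: it pairs each "Protection stopped" row with the next "Protection started" row and reports the length of the unprotected window. The row layout is assumed from the pasted Forensics log, and the 10-second threshold is an assumption chosen because the thread describes 3-5 seconds as normal.

```python
import re
from datetime import datetime

# Rows copied from the Forensics log pasted in the post above (newest first),
# without the hand-written "NN secs" annotations.
SAMPLE_LOG = """\
07/08/2018 00:10:14    Core    Protection started    Version 2018.7.1.8839.
07/08/2018 00:09:41    Core    Protection stopped    Version 2018.7.1.8839.
06/08/2018 18:02:32    Core    Protection started    Version 2018.7.1.8839.
06/08/2018 18:02:00    Core    Protection stopped    Version 2018.7.0.8824.
03/08/2018 13:48:36    Core    Protection started    Version 2018.7.0.8824.
03/08/2018 09:58:32    Core    Protection started    Version 2018.7.0.8824.
01/08/2018 18:48:53    Core    Protection started    Version 2018.7.0.8824.
01/08/2018 18:48:49    Core    Protection stopped    Version 2018.7.0.8818.
"""

# Assumed row layout: dd/mm/yyyy hh:mm:ss, component, action, "Version x.y.z.b."
ROW = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+Core\s+"
    r"Protection (started|stopped)\s+Version (\d+(?:\.\d+)*)\.?\s*$"
)

def protection_gaps(text, threshold_secs=10):
    """Return one dict per stop->start pair, oldest first."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # skip headers, blank lines and anything unrecognised
            ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    # The log is newest-first; reverse before the stable sort so that rows
    # sharing a timestamp keep their chronological order.
    events = sorted(reversed(events), key=lambda e: e[0])

    gaps, stopped = [], None
    for ts, action, version in events:
        if action == "stopped":
            stopped = (ts, version)
        elif stopped is not None:
            secs = int((ts - stopped[0]).total_seconds())
            gaps.append({"stopped": stopped[0], "from": stopped[1],
                         "to": version, "secs": secs,
                         "slow": secs > threshold_secs})
            stopped = None
        # A "started" row with no preceding "stopped" (e.g. a boot) is not a gap.
    return gaps

if __name__ == "__main__":
    for g in protection_gaps(SAMPLE_LOG):
        flag = "SLOW" if g["slow"] else "ok"
        print(f'{g["stopped"]}  {g["from"]} -> {g["to"]}  {g["secs"]:>3}s  {flag}')
```
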
Quote

is it enough to choose 'Create dump file' from PH's Hacker menu

yes

Quote

do I need to be running PH as the Administrator?

yes

Quote

Do I need to turn off EAM's self-protection

yes

Quote

Does dumping a2service suspend it, dump it, and let it continue running or does it terminate it as well

it doesn't terminate it

Quote

Will I need to do anything special after a dump is taken?

yes, zip it, drink a coffee (or 2) and send it to me per wetransfer.com
