SeriousHoax

High CPU usage from a2start and commservice


These two services are using high CPU for seemingly no reason. Especially a2start.exe, which is using CPU even when the system is idle. For a few seconds everything goes back to normal, then it starts using CPU again. When a2start uses CPU, commservice starts using it as well. Both processes are causing unnecessary CPU usage. What's causing this issue? I've attached the logs and task manager image.

Logs:  link removed and sent to GT500


I've exactly the same problem on both my desktop and laptop, running the latest version of Win 10. There's obviously something very wrong with today's update (2020.2.1.9977). Emsisoft should let us revert to the earlier version immediately or fix the problem.

1 hour ago, eliastz said:

I've exactly the same problem on both my desktop and laptop, running the latest version of Win 10. There's obviously something very wrong with today's update (2020.2.1.9977). Emsisoft should let us revert to the earlier version immediately or fix the problem.

You can revert to an older version (not the immediate past one though, but one that may be a month or two older) by going to Settings - Updates - Update feed, and changing from "Stable" to "Delayed".  Once you've altered the setting, do an "Update" and EAM will download and install the older version.   Keep the setting at "Delayed" until you are willing to come back to the newest version - as soon as you change the setting back to "Stable" the following "Update" will change the program version.


Appeared to be working OK for an hour or so, following two reboots, but the problem with the Emsisoft Protection Service is now back. Emsisoft should undo urgently whatever it was that today's program version update did. Everything was working fine before that update. 

12 hours ago, SeriousHoax said:

Multiple reboots didn't fix my problem. I've uninstalled for now. Release an update fixing the bug and let us know.

Did you try the Delayed update feed? That would allow you to downgrade to a previous version that doesn't have this issue on your computer.

Here's how to switch to the Delayed update feed:

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click on Updates in the menu at the top.
  4. On the left, in the Updates section, look for Update feed.
  5. Click on the box to the right of where it says Update feed, and select Delayed from the list.
  6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
  7. Select Update now from the list.

15 hours ago, GT500 said:

Did you try the Delayed update feed? That would allow you to downgrade to a previous version that doesn't have this issue on your computer.

Here's how to switch to the Delayed update feed:

 

  1. Open Emsisoft Anti-Malware.
  2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
  3. Click on Updates in the menu at the top.
  4. On the left, in the Updates section, look for Update feed.
  5. Click on the box to the right of where it says Update feed, and select Delayed from the list.
  6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
  7. Select Update now from the list.

 

I haven't tried this but I don't wanna risk anything for the time being. I'll wait till it's fixed with an update.

8 hours ago, SeriousHoax said:

I haven't tried this but I don't wanna risk anything for the time being. I'll wait till it's fixed with an update.

From a security standpoint it might be safer to go ahead and reinstall and run on the delayed feed (it would certainly be safer than relying on Windows Defender).

11 hours ago, GT500 said:

From a security standpoint it might be safer to go ahead and reinstall and run on the delayed feed (it would certainly be safer than relying on Windows Defender).

Did it. The process took quite a while but anyway the problem is gone now. Currently it's at version: 2019.11.1.9884

Hopefully a new version fixing the bug will be out soon.

13 hours ago, SeriousHoax said:

Hopefully a new version fixing the bug will be out soon.

Would you be willing to switch back to the Stable update feed and get us debug logs?

Since only two people have reported this issue, we won't know what's causing it until we get some debug information.

2 hours ago, GT500 said:

Would you be willing to switch back to the Stable update feed and get us debug logs?

Since only two people have reported this issue, we won't know what's causing it until we get some debug information.

I have exactly the same issue. CommService is now frequently spiking in CPU usage, for a few seconds but very often. I have never seen this process in the past and never had an issue with EAM CPU load (unless running a scan or so). Enabled logging, doesn't seem to write anything yet. Located in the Program Files folder, right? Where should I upload it eventually?


@Jakub K. Debug logs are not located in the program files folder but instead in: "C:\ProgramData\Emsisoft\Logs". Ideally you should disable debug logging in due course (or if you want to continue it, disable and immediately re-enable them). Then zip up the files concerned (note that their names show the 'yyyymmdd hhmmss' time when they were first created) and send them to Emsisoft. I usually put the zip in my Dropbox folder and send a private message to GT500 telling him the URL(*). You can also use the EAM GUI to email files to Emsisoft, though that doesn't always work if the files are huge:

1. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
2. Click on the button that says Send an email.
3. Select the logs on the right that show today's dates (if you try to send too many logs, then they may not receive them).
4. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (ie reference this discussion).  You can also attach screenshots etc if needed.
5. Click on Send now at the bottom once you are ready to send the logs.

Make sure you don't leave debug-logging on unnecessarily - it creates huge files and could fill your disk up and slow down your machine!

*  You can send such a message by hovering over his avatar and picking the "Message" option.

5 hours ago, GT500 said:

Would you be willing to switch back to the Stable update feed and get us debug logs?

Since only two people have reported this issue, we won't know what's causing it until we get some debug information.

I have attached logs in my post above. Does that contain the necessary data?

Besides, I faced another problem today. Emsi was installed and running fine but suddenly I noticed Anti malware service, the service which is related to Windows Defender, was running. Why would that be enabled? Didn't go away after reboot. Even Windows Security center was showing that I have Windows Defender enabled. Other utility programs which can show security center information were showing that both Emsisoft and Windows Defender are enabled. So what actually happened? Maybe while downgrading Emsisoft didn't register itself properly in security center.

I had no choice but to uninstall Emsisoft. Btw, in another thread I showed that even after uninstallation, Emsisoft's registry key was still there in security center section. The same happened again. This is a freshly installed Windows 10 so it's not possible that it's a continuation of my previous issue but rather the uninstaller of Emsisoft probably has some kind of a bug which is why it's failing to remove its registry key from security center.

Anyway, I had too much trouble with Emsisoft this week and won't install it again till the bugs are fixed. I may try reproducing the issue in a VM and share logs. In the meantime, maybe other users facing these issues can provide the necessary logs.

To reproduce the bug on your system try installing Emsisoft in a fresh system where it wasn't installed before.

39 minutes ago, SeriousHoax said:

I have attached logs in my post above. Does that contain the necessary data?

Not unless the logs you attached are /debug/ logs - which you'd have had to enable (at the foot of the list of options in: Settings - Advanced).

 

39 minutes ago, SeriousHoax said:

Besides, I faced another problem today. Emsi was installed and running fine but suddenly I noticed Anti malware service, the service which is related to Windows Defender, was running. Why would that be enabled? Didn't go away after reboot. Even Windows Security center was showing that I have Windows Defender enabled. Other utility programs which can show security center information were showing that both Emsisoft and Windows Defender are enabled. So what actually happened?

Maybe, but nobody will be able to tell what went wrong without seeing debug logs (which will show the programmers definitely why EAM thinks what it does).

 

39 minutes ago, SeriousHoax said:

Anyway, I had too much trouble with Emsisoft this week and won't install it again till the bugs are fixed. I may try reproducing the issue in a VM and share logs. In the meantime, maybe other users facing these issues can provide the necessary logs.

Many bugs don't get fixed (in any application) unless programmers can recreate the issue, or they can see from the logs and traces why the program got it wrong. Of course, the problem might get fixed as a side-effect of some other change being made in future.

 

39 minutes ago, SeriousHoax said:

To reproduce the bug on your system try installing Emsisoft in a fresh system where it wasn't installed before.

That might not be enough.  The users who've seen this problem might have systems which share a characteristic that causes the problem.

31 minutes ago, JeremyNicoll said:

Not unless the logs you attached are /debug/ logs - which you'd have had to enable (at the foot of the list of options in: Settings - Advanced).

Yes I enabled that before submitting the logs. Logs attached above should have the info I guess.

32 minutes ago, JeremyNicoll said:

That might not be enough.  The users who've seen this problem might have systems which share a characteristic that causes the problem.

Already 2 other users in this thread faced a similar issue so maybe they can share their logs too. In my case both times it was a fresh installation and the second time it was a freshly installed Windows 10 too so that's why I said maybe it would be possible to reproduce the issue with a new installation of Emsisoft.


@SeriousHoax and @Jakub K. thanks for the debug logs. Would it also be possible to send us FRST logs? You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

On 2/21/2020 at 12:13 PM, GT500 said:

@SeriousHoax and @Jakub K. thanks for the debug logs. Would it also be possible to send us FRST logs? You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

I have FRST logs but it was after I uninstalled Emsisoft due to the bug. Would this log be helpful? If yes then how should I send it to you?

11 hours ago, SeriousHoax said:

I have FRST logs but it was after I uninstalled Emsisoft due to the bug. Would this log be helpful? If yes then how should I send it to you?

Yes, that's fine.

12 hours ago, SeriousHoax said:

If yes then how should I send it to you?

You can attach them to a reply to this topic, or send them in a private message.


Never mind, I see that Jakub already sent me FRST logs, and neither of those programs are installed.

The only similarities I see are both of you have VPN software installed (although not the same ones), both have download managers installed (again not the same ones), and both have VirtualBox installed.

17 hours ago, eliastz said:

I've none of these pieces of software and the Emsisoft Protection Service is currently at 31% CPU. 

Would it be possible to get us FRST logs? You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.


Hello,

 

I have the same problem here: High CPU usage (about 25% periodically) by a2start.exe using the stable updates.

Using delayed updates helps atm.

 

some infos:

Windows 7 pro SP1 last Updates

no windows firewall active for testing

comodo firewall for testing completely open/ no log entries of blocked attempts

pihole filtering for testing completely open

Openvpngui installed, no vpn active while testing

host file in \etc\hosts for testing completely open

 

Best regards, Lars

 

On 3/1/2020 at 10:03 AM, lw12 said:

High CPU usage (about 25% periodically) by a2start.exe using the stable updates.

Is it only in a2start.exe? CPU usage wasn't high in a2service.exe as well?


It's the a2service that's out of control on both my laptop and desktop - even worse now that I updated to 2020.3.0.10024. Everything was working fine before the two most recent program updates arrived. 

5 hours ago, GT500 said:

Is it only in a2start.exe? CPU usage wasn't high in a2service.exe as well?

Yes, it's only a2start.exe.  a2service.exe works well


For those of you who have VPN software installed, does uninstalling the VPN software have any effect on the issue? You can reinstall it again after testing.


I tried out today uninstalling OpenVPN/rebooting system, then setting Emsisoft updates to stable, updating Emsisoft and rebooting again.

After that the error seems to be gone.

Then I installed OpenVPN new / rebooting system. After all, the error is not here anymore at the moment.

 

 

 

13 hours ago, lw12 said:

Then I installed OpenVPN new / rebooting system. After all, the error is not here anymore at the moment.

That's interesting. I wonder if the OpenVPN driver configuration was out of date or damaged somehow.

If anyone else is still having this issue, QA is asking for a dump of a2start.exe while its CPU usage is peaked. In order to get this, the self-protection in EAM is going to have to be turned off, or EAM will cause the tool you're using to save the dump to freeze. Open EAM, go to Settings, click on Advanced in the menu at the top, and turn off the option for Self-protection.

There are a number of tools you can use to save a dump of an application, however we usually recommend Process Hacker (you can use the portable version if you'd prefer, just make sure you use the x64 version unless you have a 32-bit version of Windows). Be sure to run Process Hacker as an administrator (right-click and select Run as administrator). Here's how to save the dump:

  1. Once Process Hacker is running, type emsi into the search field in the upper-right so that it only shows Emsisoft applications.
  2. Find a2start.exe in the list (it should be at the bottom) and right-click on it.
  3. Select Create dump file from the list, and select a place to save the dump.
  4. Find the dump file you saved, right-click on it, go to Send to, and select Compressed (zipped) folder.

You can use 7-Zip or WinRAR to compress the dump file instead if you prefer. We can open 7z and RAR files in addition to ZIP.

Once you've compressed the dump file, you should be able to send it to me in a private message. I recommend using file attachments on the forums to send dumps rather than using file sharing services unless you encrypt them when compressing them.

2 hours ago, GT500 said:

That's interesting. I wonder if the OpenVPN driver configuration was out of date or damaged somehow.

 

Out of date is possible. I had installed OpenVPN in autumn 2019, pity I can't say which version, perhaps an older one. After reinstalling I installed V2.4.8 from Oct 31, 2019 and GUI V11.14.0.0.

https://fossies.org/windows/misc/openvpn-install-2.4.8-I601-Win7.exe/

22 hours ago, lw12 said:

Out of date is possible. I had installed OpenVPN in autumn 2019, pity I can't say which version, perhaps an older one. After reinstalling I installed V2.4.8 from Oct 31, 2019 and GUI V11.14.0.0.

Third-party VPN software that uses OpenVPN drivers may not update those drivers very often either, so it's possible that everyone using such software also has outdated OpenVPN drivers causing issues. Hopefully they can let us know if uninstalling the VPN software helps, or perhaps get us a dump to send us so that we can try to figure out why it's happening.

On 3/7/2020 at 8:04 AM, GT500 said:

Third-party VPN software that uses OpenVPN drivers may not update those drivers very often either, so it's possible that everyone using such software also has outdated OpenVPN drivers causing issues. Hopefully they can let us know if uninstalling the VPN software helps, or perhaps get us a dump to send us so that we can try to figure out why it's happening.

No more error behaviour here. Thank you for the help.

Best regards


OK, so that's two that appear to be resolved by uninstalling VPNs, and one that wasn't.

For whatever it's worth, I wasn't able to reproduce the issue with Windscribe VPN and simplewall installed on Windows 10 x64. Regardless, QA is looking into this to see what's causing it. If anyone else still experiencing these issues wants to send us debug logs and dumps of Emsisoft Anti-Malware processes while their CPU usage is high then please feel free to do so.

15 hours ago, SeriousHoax said:

Any update on this? Were you able to reproduce the high cpu usage?

I wasn't able to, however I haven't heard anything from QA. They may be waiting for more debug information.

Has anyone tried the current beta to see if that helps?
https://blog.emsisoft.com/en/36012/emsisoft-anti-malware-2020-4-beta/


QA says we're waiting for process dumps from anyone who is still affected by this.

They are also curious if the issue is still present after disabling the Web Protection and restarting the computer.


We think we've fixed this issue, and have a test build available if anyone would like to try it. Here's how to install it:

  1. Open Emsisoft Anti-Malware.
  2. Click on Settings.
  3. Click on Updates in the menu at the top.
  4. Look for Update feed in the list under the "Updates" section.
  5. Click on the Edit button to the right of "Update feed".
  6. Switch to Custom feed then copy and paste 27396_tst into the field next to it.
  7. Click OK to save the changes.
  8. Click on the Home/Overview button in the upper-left (looks like a little house).
  9. On the right, just under the blue "Settings" tile, click the Update now link.
  10. Allow Emsisoft Anti-Malware to restart once the update is done installing (this may take a minute or two).

2 minutes ago, GT500 said:

We just released a stable update with changes that we believe will fix this issue:
https://blog.emsisoft.com/en/36069/emsisoft-anti-malware-2020-4-1/

If anyone who had this issue is still on the Delayed update feed, please feel free to switch back to the Stable update feed.

Thanks. I just came here to ask whether the changelog is related to this one. Good to know it's finally fixed.


Sadly it's not fixed yet. High CPU usage from the CommService with 10-15 seconds delay in between. Tried to attach logs here but getting a -200 error.

7 hours ago, SeriousHoax said:

Sadly it's not fixed yet. High CPU usage from the CommService with 10-15 seconds delay in between. Tried to attach logs here but getting a -200 error.

Can you put them in a password protected ZIP archive, upload them to a file sharing service (Google Drive, Microsoft OneDrive, etc), and send me the download link and password in a private message?
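
The hand-off requested here, and GT500's earlier advice to encrypt dumps before using a file sharing service, as an added PowerShell example that is not part of the original thread or of Emsisoft's tooling. It assumes 7-Zip is installed at its default path; the output file name and the one-day window are illustrative choices.

```powershell
# Added example (not from the thread): bundle recent EAM debug logs, plus any
# process dumps, into an encrypted 7z archive before uploading it anywhere.
param(
    # Debug log folder named earlier in this thread.
    [string]   $LogDir   = 'C:\ProgramData\Emsisoft\Logs',
    # Optional extra files, e.g. a saved dump of a2start.exe.
    [string[]] $Extra    = @(),
    # Only include logs written in the last N days, to keep the upload small.
    [int]      $Days     = 1,
    # Assumption: output location and name are illustrative.
    [string]   $OutFile  = (Join-Path $env:USERPROFILE 'Desktop\eam-diagnostics.7z'),
    # Assumption: 7-Zip's default install path.
    [string]   $SevenZip = 'C:\Program Files\7-Zip\7z.exe'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SevenZip)) { throw "7-Zip not found at $SevenZip" }
# '7z a' adds to an existing archive; refuse so stale files are never re-sent.
if (Test-Path -LiteralPath $OutFile) { throw "$OutFile already exists; remove it first" }

# Select by last write time rather than by parsing the timestamp in the names.
$cutoff = (Get-Date).AddDays(-$Days)
$files  = @(Get-ChildItem -LiteralPath $LogDir -File |
            Where-Object { $_.LastWriteTime -ge $cutoff } |
            ForEach-Object { $_.FullName })
foreach ($p in $Extra) { $files += (Resolve-Path -LiteralPath $p).ProviderPath }
if ($files.Count -eq 0) { throw "No files newer than $cutoff in $LogDir" }

# -t7z    : 7z container, encrypted with AES-256 when a password is set
# -mhe=on : also encrypt the archive header, so file names are hidden
# -p      : no password on the command line; 7-Zip prompts for it, which keeps
#           it out of shell history and process listings
& $SevenZip a '-t7z' '-mhe=on' '-p' '--' $OutFile $files
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# A SHA-256 of the archive lets the recipient confirm the download is intact.
$hash = Get-FileHash -LiteralPath $OutFile -Algorithm SHA256
[pscustomobject]@{
    Archive = $OutFile
    Files   = $files.Count
    SizeMB  = [math]::Round((Get-Item -LiteralPath $OutFile).Length / 1MB, 1)
    SHA256  = $hash.Hash
}
```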

3 hours ago, GT500 said:

Can you put them in a password protected ZIP archive, upload them to a file sharing service (Google Drive, Microsoft OneDrive, etc), and send me the download link and password in a private message?

Sent.

53 minutes ago, SeriousHoax said:

Sent.

Thanks. I've downloaded your logs and forwarded them to QA.


@SeriousHoax apparently there was more than one issue that was causing high CPU usage, and the one you're experiencing is different than the one that was patched. If we need any more debug info than what we have already, then I'll let you know.

6 hours ago, GT500 said:

@SeriousHoax apparently there was more than one issue that was causing high CPU usage, and the one you're experiencing is different than the one that was patched. If we need any more debug info than what we have already, then I'll let you know.

Ok. Good to know that the log was useful.


One more of the computers I administrate had this error last week. I noticed two parallel error messages in the Windows event protocol:

Die maximal zulässige Dateigröße für die Sitzung "ReadyBoot" wurde erreicht. Daher können Ereignisse für die Datei "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl" verloren gehen (nicht protokolliert werden). Die maximale Dateigröße ist derzeit auf 20971520 Bytes festgelegt.

a second one:

Die Sitzung "ReadyBoot" wurde aufgrund des folgenden Fehlers beendet: 0xC0000188.
ErrorCode  3221225864

After googling for that, I deleted the content of c:\windows\Prefetch, the focus was the file ReadyBoot.etl

After that and rebooting, the high CPU usage error was gone and has not come back.

Best regards, Lars
