Ortorea

CLOSED Online Armor FREEZING My PC - See attached Report

Recommended Posts

Dear Support,

I have observed a long term problem with Online Armor's HIPS feature on my server PC, it eats all the CPU cycles and I set-up a batch file to check the status of the program and reboot the PC via a chkdsk on the reboot which fixes what ever the problem is. I suspect Online Armor is not able to finish writing a file during a former pre-scheduled shut-down which is on a time schedule each day.

I need a solution OR a way to reduce the CPU priority to below normal on OA to enable my Batch file to run properly to reboot, (as when this situation occurs everything on the PC stalls out, and I end up with a whole load of delayed processes all trying to run at once, further de-stabilising the PC), I need my Batch file to complete the reboot command in chkdsk mode cycle, as the PC becomes totally unresponsive due to online armor using cpu as high as 95% and not allowng my batch file, or any other process to run to complete the reboot cycle.

I have enclosed some important specifications below to assist in finding a solution.

Regards Michelle

---------------------------------------------------------------------------------------

Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)

Date 2011-11-18

Time 20:01

Computer:

Computer Type ACPI Uniprocessor PC

Operating System Microsoft Windows XP Home Edition

OS Service Pack Service Pack 3

Internet Explorer 8.0.6001.18702

DirectX 4.09.00.0904 (DirectX 9.0c)

Computer Name GARAGEPC

User Name xxxx

Logon Domain xxxxxxxxx

Date / Time 2011-11-18 / 20:01

Motherboard:

CPU Type Intel Celeron, 2400 MHz

Motherboard Name MSI 651M-L (MS-7005) (3 PCI, 1 AGP, 1 CNR, 2 DDR DIMM, Audio, Video, LAN)

Motherboard Chipset SiS 651

System Memory 768 MB (PC2700 DDR SDRAM)

DIMM1: 512 MB PC2700 DDR SDRAM (3.0-4-4-8 @ 166 MHz)

DIMM2: Kingston K 256 MB PC2700 DDR SDRAM (2.5-3-3-7 @ 166 MHz) (2.0-3-3-6 @ 133 MHz)

BIOS Type Award (10/06/04)

Communication Port Communications Port (COM1)

Communication Port ECP Printer Port (LPT1)

Display:

Video Adapter NVIDIA Quadro4 900 XGL (128 MB)

3D Accelerator nVIDIA Quadro4 900XGL

Monitor Acer AL1715 [17" LCD] (ETL2102177)

Multimedia:

Audio Adapter Realtek ALC655 @ SiS 7012 Audio Device

Storage:

IDE Controller SiS PCI IDE Controller

Storage Controller ALSAQL6Q IDE Controller

Storage Controller NERO IMAGEDRIVE SCSI Controller

Floppy Drive Floppy disk drive

Disk Drive ExcelStor Technology J360 (60 GB, 7200 RPM, Ultra-ATA/100)

Disk Drive Maxtor 6Y080L0 (80 GB, 7200 RPM, Ultra-ATA/133)

Optical Drive DGVM 5Q34TAV4DQR SCSI CdRom Device

Optical Drive DVDRW IDE1008 (DVD+RW:8x/4x, DVD-RW:4x/2x, DVD-ROM:12x, CD:40x/24x/40x DVD+RW/DVD-RW)

Optical Drive NERO IMAGEDRIVE2 SCSI CdRom Device (Virtual CD-ROM)

Optical Drive NERO IMAGEDRIVE2 SCSI CdRom Device (Virtual CD-ROM)

SMART Hard Disks Status OK

Partitions:

C: (NTFS) 17084 MB (7451 MB free)

D: (FAT32) 2019 MB (1193 MB free)

E: (FAT32) 39978 MB (2911 MB free)

I: (NTFS) 33996 MB (924 MB free)

J: (NTFS) 22622 MB (141 MB free)

Total Size 113.0 GB (12.3 GB free)

Input:

Keyboard HID Keyboard Device

Mouse HID-compliant mouse

Network:

Primary IP Address 10.10.2.10

Primary MAC Address 00-11-09-01-CB-3F

Network Adapter SiS 900-Based PCI Fast Ethernet Adapter (10.10.2.10)

[ Motherboard ]

Motherboard Properties:

Manufacturer MICRO-STAR INTERNATIONAL CO., LTD

Product MS-7005

[ Chassis ]

Chassis Properties:

Chassis Type Desktop Case

[ Memory Controller ]

Memory Controller Properties:

Error Detection Method None

Error Correction None

Supported Memory Interleave 1-Way

Current Memory Interleave 1-Way

Supported Memory Types DIMM, SDRAM

Supported Memory Voltages 3.3V

Maximum Memory Module Size 1024 MB

Memory Slots 2

[ Processors / Intel® Celeron® CPU ]

Processor Properties:

Manufacturer Intel

Version Intel® Celeron® CPU

External Clock 100 MHz

Maximum Clock 4000 MHz

Current Clock 2400 MHz

Type Central Processor

Voltage 1.5 V

Status Enabled

Upgrade ZIF

Socket Designation Socket 478

[ Caches / Internal Cache ]

Cache Properties:

Type Internal

Status Enabled

Operational Mode Write-Back

Maximum Size 20 KB

Installed Size 20 KB

Supported SRAM Type Synchronous

Current SRAM Type Synchronous

Socket Designation Internal Cache

[ Caches / External Cache ]

Cache Properties:

Type External

Status Enabled

Operational Mode Write-Back

Maximum Size 128 KB

Installed Size 128 KB

Supported SRAM Type Synchronous

Current SRAM Type Synchronous

Socket Designation External Cache

[ Memory Modules / A0 ]

Memory Module Properties:

Socket Designation A0

Type DIMM, SDRAM

Installed Size 512 MB

Enabled Size 512 MB

[ Memory Modules / A1 ]

Memory Module Properties:

Socket Designation A1

Type DIMM, SDRAM

Installed Size 256 MB

Enabled Size 256 MB

[ Memory Devices / A0 ]

Memory Device Properties:

Form Factor DIMM

Type SDRAM

Type Detail Synchronous

Size 512 MB

Total Width 64-bit

Data Width 64-bit

Device Locator A0

Bank Locator Bank0/1

Manufacturer None

Serial Number None

Asset Tag None

Part Number None

[ Memory Devices / A1 ]

Memory Device Properties:

Form Factor DIMM

Type SDRAM

Type Detail Synchronous

Size 256 MB

Total Width 64-bit

Data Width 64-bit

Device Locator A1

Bank Locator Bank2/3

Manufacturer None

Serial Number None

Asset Tag None

Part Number None

[ System Slots / PCI0 ]

System Slot Properties:

Slot Designation PCI0

Type PCI

Usage Empty

Data Bus Width 32-bit

Length Long

[ System Slots / PCI1 ]

System Slot Properties:

Slot Designation PCI1

Type PCI

Usage Empty

Data Bus Width 32-bit

Length Long

[ System Slots / PCI2 ]

System Slot Properties:

Slot Designation PCI2

Type PCI

Usage Empty

Data Bus Width 32-bit

Length Long

[ System Slots / AGP ]

System Slot Properties:

Slot Designation AGP

Type AGP

Usage Empty

Data Bus Width 32-bit

Length Long

Share this post


Link to post
Share on other sites

Dear Forum Veteran, Yes in fact I have tried several versions I am however now using the latest version Re-installed yesterday, this is very strange it has something to do with how OA interfaces with my network adapter, as when the CPU goes high usage, nothing will connect to the Internet like my Network stack is locked out, mirc for example cannot connect, and over the last 1 year (Yes VERY long term problem) I have written a very elaborate batch file perhaps it will help you assist me if I share this with you ? Basically it checks to make sure

C:\Program Files\Emsisoft\Online Armor\oasrv.exe is actively using memory and that the memory usage is not stuck.

It seems that many programs just stop running, even my batch file, and it is often impossible to start a new process or cmd prompt, the strangest thing is sometimes my entire drive D: vanishes for my computer, and after a reset or reboot depending on the stability of my system, it comes back as normal after a reset or reboot. This ONLY happens when HIPS is turned on, as I use this PC as a voice chat and ftp server it is MOSTLY unattended so is not used for general web browsing so it is very annoying when it locks up and even my batch file cannot recover it, I am aware Online Armor gives the best protection which is why I use it.

Michelle

My Batch file is below

@echo off

setlocal enabledelayedexpansion

set confirm="E:\Program Files\Automation"

set alert="E:\drive-bad.txt"

cls

:: -----------------------------------------------------------------

set DEFRAGTRUE=DriveDefrag.exe

:: IF DEFRAG RUNNING SKIP CHECKING

::

for /f "tokens=*" %%1 in ('tasklist /nh ^|find "%DEFRAGTRUE%"') do (

for /f "tokens=5" %%A in ("%%1") do (

set DEFRAG=%%A

)

)

if "%DEFRAG%"=="" goto continue

>> "C:\state\status.txt" echo BUSY Defraging Disks at T: %TIME% D: %DATE% && echo BUSY Defraging Disks at T: %TIME% D: %DATE%

sleep 5

cls

goto end

:continue

:: -----------------------------------------------------------------

:: IF YOU HAVE NO SLEEP OR WAIT COM FILE THIS BATCH IS USELESS as

:: some tests require a wait to ensure DIFFERENT memory value's

if not exist sleep.com goto end

:: -------------------------------------------------------------

:: This is the ACTUAL PROGRAM Under TEST - i.e. application.exe

set appname=oasrv.exe

:: -------------------------------------------------------------

ping -n 1 google.com > nul

for /f "tokens=*" %%1 in ('tasklist /nh ^|find "%appname%"') do (

for /f "tokens=5" %%A in ("%%1") do (

set memuse1=%%A

)

)

:: -------------------------------------------------------------

echo %appname% MEMORY USE = %memuse1% kb

sleep 160

cls

ping -n 1 yahoo.com > nul

for /f "tokens=*" %%1 in ('tasklist /nh ^|find "%appname%"') do (

for /f "tokens=5" %%A in ("%%1") do (

set memuse2=%%A

)

)

:: -------------------------------------------------------------

::

echo ****************************************************

echo * Previous Memory usage of %appname% was: %memuse1% kb *

echo * Currently Memory usage of %appname% is: %memuse2% kb *

echo ****************************************************

echo.

:: -------------------------------------------------------------

sleep 80

cls

ping -n 1 217.47.73.143 > nul && set val1= < nul && echo %val1%

for /f "tokens=*" %%1 in ('tasklist /nh ^|find "%appname%"') do (

for /f "tokens=5" %%A in ("%%1") do (

set memuse3=%%A

)

)

:: -------------------------------------------------------------

echo ************************************

echo * %appname% MEMORY USE = %memuse1% kb *

echo * %appname% MEMORY USE = %memuse2% kb *

echo * %appname% MEMORY USE = %memuse3% kb *

echo ************************************

echo.

sleep 80

cls

for /f "tokens=*" %%1 in ('tasklist /nh ^|find "%appname%"') do (

for /f "tokens=5" %%A in ("%%1") do (

set memuse4=%%A

)

)

:: -------------------------------------------------------------

::

echo ****************************************************

echo * Previous Memory usage of %appname% was: %memuse1% kb *

echo * Previous Memory usage of %appname% was: %memuse2% kb *

echo * Previous Memory usage of %appname% was: %memuse3% kb *

echo * Currently Memory usage of %appname% is: %memuse4% kb *

echo ****************************************************

:: -------------------------------------------------------------

echo.

IF "%memuse1%"=="%memuse2%" (

echo. Test mode variables 1 and 2 are SAME

echo.

GoTo check2

) ELSE (

echo. Test mode variables 1 and 2 are DIFFERENT

echo.

)

goto done

:: -------------------------------------------------------------

:check2

IF "%memuse3%"=="%memuse4%" (

echo. Test mode variables 3 and 4 are SAME

echo.

GoTo check3

) ELSE (

echo. Test mode variables 3 and 4 are DIFFERENT

echo.

)

goto done

:: -------------------------------------------------------------

:check3

IF "%memuse1%"=="%memuse4%" (

echo. Test mode variables 1 and 4 are SAME

echo.

GoTo commands

) ELSE (

echo. Test mode variables 1 and 4 are DIFFERENT

echo.

)

goto done

echo *********************************************

:: -------------------------------------------------------------

:: -------------------------------------------------------------

:: REM OUT BELOW FOR SAFETY

:commands

cls.

echo commands running

>> "C:\state\bad.txt" echo baddrv

echo y > %confirm%\confirm.txt

chkdsk C: /F < %confirm%\confirm.txt

chkdsk D: /R /F < %confirm%\confirm.txt

chkdsk E: /R /F < %confirm%\confirm.txt

if exist wizmo.exe wizmo play=notify.wav

echo commands running

if not exist %alert% shutdown /r /f && if exist wizmo.exe wizmo play=oops.wav && set cond=REBOOT

if exist %alert% shutdown /s /f && if exist wizmo.exe wizmo play=shuttingdown.wav && set cond=SHUTDOWN

>> "C:\state\status.txt" echo PC Instability Time: %TIME% Date: %DATE% NETWORK PC Auto %cond% (security-live.bat)

echo bad > %alert%

endlocal

sleep 55

:: NOT SUITABLE FOR REQUIRMENTS :: reset session 0

goto end

:: -------------------------------------------------------------

:done

if exist %alert% del %alert%

:: WAITS FOR USER TO READ SCREEN CONTENTS

sleep 20

cls

:: ***************************************************************

::

echo **** CHECK FOR PROGRAM SUCCESS IF FAIL REBOOT *********

if exist C:\fsie del C:\fsie

echo.

echo Find PID of process which contains IMAGENAME eq FileZilla Server Interface.exe

Tasklist /FI "IMAGENAME eq FileZilla Server Interface.exe" /FO "CSV" /NH >C:\fsie

sleep 5

cls

:: ..........................................

:: Filtering out PID of the process list

For /F "tokens=1-5* delims=," %%A in (C:\fsie) Do (

set Txt=%%B

Echo !Txt:^"=!>C:\fsie1)

)

echo "C:\fsie"

sleep 3

cls

if exist C:\tmp_fsie1.txt del C:\tmp_fsie1.txt

if "C:\fsie"=="" echo C:\fsie1 NOT EXIST && echo failed_fsie1 > C:\tmp_fsie1.txt && >> "C:\state\status.txt" echo failed_fsie1 && call Restart.bat

if not "C:\fsie"=="" echo C:\fsie1 EXISTS && if exist C:\tmp_fsie1.txt del C:\tmp_fsie1.txt

sleep 10

cls

:: ***************************************************************

if exist %alert% del %alert%

if exist "C:\state\bad.txt" del "C:\state\bad.txt"

:end

endlocal

color

cls

Share this post


Link to post
Share on other sites

OH BTW If your wondering what the PINGS are for, it is to actively make sure some traffic is sent on the network which changes the memory use of OA.

Michelle

Share this post


Link to post
Share on other sites

Do you have Avira and Spybot on this computer? If so have you added them to OA's exclusions list and added OA to their exclusions list? With Sypbot, I'm not sure if you are using the Teatimer, but just in case, this has been known to cause problems with OA in the past and usually should be disabled.

Share this post


Link to post
Share on other sites

Your disks appear to be about 90% full: that can slow anything (as used space increases, performance of everything decreases).

You mention your 'server PC': please explain what that means.

You also mention OA's HIPS: does performance improve if the HIPS is disabled?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.