Author Topic: 7.0.1407 - File System Shield activity & FSS exclusions  (Read 29265 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
7.0.1407 - File System Shield activity & FSS exclusions
« on: February 24, 2012, 06:53:15 PM »
The file system shield activity has greatly increased in the final release build as has been shown in some other posts. Currently on my system 19118/0 files scanned and my system has never had this kind of activity in the FSS. Many posts make this figure look positively low, with over 57,000 scans.

I recently noticed that the FSS is constantly scanning a file winpatrol.exe, now this should have been added to the Transient cache after the first scan of this file. Having excluded that file from scanning in the FSS exclusions, I'm now noticing many other such repetitive scans of files on my system

So that file shouldn't be scanned again unless you reboot or have a VPS update or the file changes. That file was clearly not being added to the Transient cache.

Whilst compiling this post and doing some checking of my settings, the FSS activity has climbed to 19890/0, I also added an exclusion (full path) for another file (C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe) being constantly scanned yet that even after exclusion is being scanned.

So it would appear that there is also something wrong with the FSS exclusions

EDIT added another exclusion C:\Program Files\FireTrust\MailWasher2010\MailWasherPro.exe and that one seems to have taken.

The activity is now up at 21223/0 and it appears to be cycling through .exe and dll files also javascript session store files, even though they too are excluded.
« Last Edit: February 24, 2012, 07:04:28 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #1 on: February 24, 2012, 07:08:39 PM »
The transient cache has indeed changed little bit because of the changes in streaming updates and filerep.
It looks like some process is constantly touching these files on your system.
Can you try e.g. ProcMon to find out who it is?

Thanks
V;l
If at first you don't succeed, then skydiving's not for you.

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #2 on: February 24, 2012, 07:23:08 PM »
@ Vlk

I am in the same situacion. Avast! 7 sticks with one file over and over. Avast! does check other files while you use them but it returns to the same file again afterward. If I add the file, HPQste08.EXe in this case, to the exclusions or stop the process, Avast! just picks another and stay with it. I have stopped or added about 5 files and Avast! just picks another.

It looks like some process is constantly touching these files on your system.
Can you try e.g. ProcMon to find out who it is?

I will see what it is. Report back later.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline Dch48

  • Massive Poster
  • ****
  • Posts: 3150
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #3 on: February 24, 2012, 07:28:24 PM »
Mine shows 7181 scans in the last 24 hours. What has drastically increased is the Script Shield activity which is showing 27,769 scanned scripts in the last 24 hours.
Avatar FX6327X desktop, FX-6300 CPU, RX 470 GPU, 8GB RAM, Windows 10 Home 64 bit
HP dv6-6140us laptop, A8-3500M APU, 8GB RAM, Windows 7 Home Premium 64 bit
RCA W101 v2 10" tablet, Intel Atom Bay Trail Z3735F processor, 2GB RAM, Windows 10 Home 32 bit

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #4 on: February 24, 2012, 07:30:41 PM »
Well essentially like the transient cache, nothing has changed on my XP Pro system either.

Even with the streaming updates, which aren't that frequent plus I don't have an entry in defs for a stream today at all, the UI Updates shows the last stream update as yesterday, so that shouldn't trigger a Transient cache reset. So why the constant cycling through files.

So what am I looking at in the ProcMon ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #5 on: February 24, 2012, 08:28:09 PM »
David, since your last post was less than an hour ago, I presume you're still having this problem?

It must vary considerably from one user's system to another ... I did get the same thing with repeated scanning of FirewallUI.exe, as I'd noted in another thread somewhere (the main "Final released" one, maybe?), but adding the PCTools folder to my File Shield exclusions (not the global exclusions, under Settings) cleared that up nicely yesterday and -- so far, at least -- avast hasn't found another file "worthy" of the same attention.  The tooltray icon remains at rest unless something's actually happening.

Between that, and the extremely useful tip of resetting ShowSetupOutro in the INI to get rid of that phoenix-like "finish installing" thing, I think I've finally got my avast back into normal running condition, plus of course the new features.  Speaking of which, since the new auto-sandbox so far has too small a database to be of any use, and insists on terminating nearly anything I start, I've simply disabled that until it's more functional, like the WebRep will hopefully become.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #6 on: February 24, 2012, 08:49:47 PM »
Well continues apace, but as far as being a problem goes it doesn't really impact on my system performance, it is just that this never happened before and essentially with the Transient cache it shouldn't happen.

Even with the streaming updates (of which I have had none today) does clear/reset the transient cache the file should be scanned once and not perpetually.

I have added a few exclusions, but that is shooting the messenger and not solving the problem (and there are a great many such files in this cycle), this simply shouldn't happen.

The activity/files scanned count is currently on 28844/0.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #7 on: February 24, 2012, 10:02:54 PM »
I added WinPatrol to my Exclusions and it greatly reduced the number of events in FSS on my XP Pro system.

I see no problem with WinPatrol in FSS on my Windows 7 system.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #8 on: February 24, 2012, 10:12:27 PM »
Generally not a problem on my win7 netbook, but that doesn't get as much use is on standby most of the time.

But the XP Pro system the stats activity looks like a profile of the Alps. Scanned count now at 33,673/0
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #9 on: February 25, 2012, 12:10:32 AM »
After a clean install, all remain the same ( sound like a song ). It does not matter if I exclude the file, Avast! just get stuck with another. After 3 hours with the new install, I have in FSS about 130.000 files scanned. This is unbelievable.

Beside the automatic vps update when installing I have not got any more updates, vps 120224-1, and I have this disturbing " Connection not stablished " sign that I have no idea what it means.

@ Vlk

So what am I looking at in the ProcMon ?

Like davidR what am I looking at when using Process Monitor ?
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #10 on: February 25, 2012, 01:15:33 AM »
The Connection not established related to the cloud services for the streaming updates. Your normal VPS updates would be unaffected by this as far as I'm aware.

If there are no streaming updates that shouldn't trigger a transient cache reset, as I mentioned before; so there would be little reason then for the subsequent scans of an individual file. Even if it was working and reset the transient cache it should only scan a file once after that.

So even if I knew what Vlk asked me to monitor, essentially it makes no difference, if there was something touching the file/s surely it should be scanned once and no more.

One of the culprits in this is usually the old MS Index Service, but I disabled that many years ago as it is a pain in the rear.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7458
  • No soporte por PM.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #11 on: February 25, 2012, 01:36:11 AM »
Well I got my first automatic vps update ( 120224-2 ). My FSS is reaching 200 thou by now.

The Connection not established related to the cloud services for the streaming updates. Your normal VPS updates would be unaffected by this as far as I'm aware.

Ok thank you. I wanted to be sure. Will wait for a streaming update and see if the con is stablished, and as I said i got my first VPS.

If there are no streaming updates that shouldn't trigger a transient cache reset, as I mentioned before; so there would be little reason then for the subsequent scans of an individual file. Even if it was working and reset the transient cache it should only scan a file once after that.

That is the million dollar, in your case pounds or euros, question. What is making FSS to behave like that ?

So even if I knew what Vlk asked me to monitor, essentially it makes no difference, if there was something touching the file/s surely it should be scanned once and no more.

I know you do not because you asked Vlk what to look for. I was also asking him what to look for . If something is touching the files and they should be scanned once anyway then why is/are it/they being scanned again and again ? Well I suppose that is the question....
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline bollity

  • Jr. Member
  • **
  • Posts: 21
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #12 on: February 25, 2012, 01:57:08 AM »
The same problem here.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85636
  • No support PMs thanks
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #13 on: February 25, 2012, 02:01:02 AM »
What OS are you using, as both of us are using XP Pro ?

Though it does seem your is somewhat less active, mine now at 48,014/0
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Solemn

  • Jr. Member
  • **
  • Posts: 85
  • Life is long.
Re: 7.0.1407 - File System Shield activity & FSS exclusions
« Reply #14 on: February 25, 2012, 09:36:58 AM »
Not sure if this is too off-topic as I don't have enough information to back it up yet, but I too appear to experiencing this on all my Windows XP systems (32-bit) (unsure if Windows 7 x64 one is affected yet).

I noticed the AvastSvc.exe process getting high in memory consumption & cpu usage during a routine Malwarebytes Antimalware scan.  It also sticks around after it's done and may periodically pop-up in heavy usage again if something is opened.  This hasn't happened before the upgrade and appears to have made everything generally sluggish.  Scan times for MBAM increased about 40%-50% longer (as well as a 30-40% longer avast quick scan time) [mind you these rigs are rather old].

I do also have filerep and streaming updates on, and have similarly seen a spike in File Shield scanned items (20,000 items higher than usual at the moment).  Will keep a watch on any developments with this.
« Last Edit: February 25, 2012, 09:39:09 AM by Solemn »
- Cheers, Solemn
Win7 SP1 x64  +  Win XP SP3
Avast 7.0.1474 + MBAM Pro + Sandboxie + Spywareblaster