To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

CPU usage

marcindudziak
marcindudziak Posts: 4 Security Scout
in Business Suite

Dears,

 

Is there any way to set the maximum percentage of CPU usage for the process FSSM32.exe?

 

Best regards,

Marcin Dudziak

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    FSSM should not any CPU unless you start a manual scan. Then it will use all available CPU, until you start a second programm in the forground.

     

    Only if you have activated "scan archives" in manual scan it will stick to 100% until scanning the current ZIP has finished.

     

    You can lower process priority, but that will significantly increase the sacnning time.

     

    HTH

    Matthias

  • suntattood
    suntattood MyAccount Posts: 14 Security Scout

    If you can add more memory to your computer, you might be able to fix this problem. image

  • lviperen
    lviperen Posts: 2 Security Scout

    Matthias,

    You state that the mentioned problem only arises with a manual scan, this is not the case as noticed on my Vista system.. On a scheduled scan it is consuming a very high amount of CPU thus bloccking the system for other activities.

    This is rather irritating and screems for a maximum threshold for the scanning process.

     

    Regards Leo

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    a "scheduled scan" is a "manual scan" launched by the system scheduler.

    do not activate "All files"

    do not active scan inside archives

    when running such scans.

     

    Or even better do not run schedules scans at all!

    Realtime scanning is much more effective!

    running a scheduled scan additionally does neither provide any additional detecion nor protection/safety!

     

    BR

  • Dick99999
    Dick99999 Posts: 3 Security Scout

    >"Or even better do not run schedules scans at all!"|

     

    And what about a new user? I'd like to scan all of my files now I have a new FW/AV. Cannot do that, it takes probably more than 20 hours, have not completed a complete scan yet.

    During that time I cannot use my computer. Programs won't start, FS keeps consuming all of the CPU (dual, 2.2 Ghz, 4GB, Win 7/32, FS 2011). Lowering the process' priority will hang the system, as will suspending do.

     

    Wouldn't it be easier to just have a pause button?

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Sure you can use your computer!

     

    Either a file is detected by ODS or it is not. But if it would be detected by ODS then OAS will detect it when you start the computer.

    OAS will even work better as behaivior blocking can ONLY be done with OAS.

     

    while the system is in "pause"-mode you would receive new sigantures. Would you restart? What should the report say?

    "results based on the signatures <when started>" or "<when stopped>".

     

    As I wrote: do not "scan all files", do not "scan inside archives"

    And you could also lauch a Qucik system scan, that will scan all files used during boot.

     

    HTH

  • Dick99999
    Dick99999 Posts: 3 Security Scout
    @MJ-perComp wrote:

    Sure you can use your computer!

     

    Either a file is detected by ODS or it is not. But if it would be detected by ODS then OAS will detect it when you start the computer.

    OAS will even work better as behaivior blocking can ONLY be done with OAS.

     

    while the system is in "pause"-mode you would receive new sigantures. Would you restart? What should the report say?

    "results based on the signatures <when started>" or "<when stopped>".

     

    As I wrote: do not "scan all files", do not "scan inside archives"

    And you could also lauch a Qucik system scan, that will scan all files used during boot.

     

    HTH

    I investigated the issue why in my case I cannot use my computer during a scan. I described already why I cannot use it with FS 2011, simply stated: FS takes up 100% of my dual CPU, mouse clicks, program starts, keyboard input do not happen.

     

    The 2012 version is somewhat better. However it still takes Firebox for example 1-2 minutes to start. Same for other programs. It seems to be the case that during a file scan, FS does not allow other programs to run. So scanning a single long file (i.e. >100 mB) will result in a long delay( i.e > 30-60 sec). Then in between file scanning, other programs get a chance again. So when scanning many short files, the computer can indeed be used.

     

    Whether or not to do a full can, is imho a matter of trust, precaution, peace of mind, even though rationally I buy your reasoning that it's not necessary to do a full scan.

  • theleo
    theleo MyAccount Posts: 1 Security Scout

    I think this is not a solution to add more memory. I used many antivirus that provide manually service to increase or decrease CPU usages.

  • garlangreeny
    garlangreeny MyAccount Posts: 10 Security Scout

    But for me it is. From 4GB to 8GB RAM, my system loads faster especially on running AV. So I would say that the amount of your memory installed in your system really matters. image

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Ok, I will dig a bit deeper in scan technology to explain the causes.

     

    1) 4 GB should be more than enough. Adding additional MEM is always nice, but you need to have 64BIT which you do not. Your system does not use mor than abot 3.2 GB the rest is lost!

    2) archive scanning is done im MEM, so a ZIP gets loaded to MEM, unpacked there and scanned. THAT will use a lot of MEM

    3) whenever the scanner manager loads a file to be scanned it wil do so, using all available CPU. This is because of 2) otherwise the MEM would not be freed again in time. Other processes waiting for files to be scanned would also have to wait. So it is your primary interest that once a file is started to be scanned it should do so as fast as possible.

     

    When scanning an archive this is ONE file and due to 3) the scannermanager will force scanning this file at high priority. And there are lots of archive formats that are scanned that you would not identify as archives from the first glance.

     

    If you additionally select "all files" you disable important "file type detections". These decide what scanner module is to be used to scann the file. E.g. you would normaly not scan for a Word-Macro inside a BMP. With "All files" you do. Also "known good" files confirmed by ORSP might also be scanned (without need).

     

    All the results are cached and a subsequent scan will be much faster as know good files will be skipped.

     

    And yes, 2012 will put a smaller MEM-footprint and add speed to scanning.

     

    HTH

  • Dick99999
    Dick99999 Posts: 3 Security Scout
    A followup question. I indeed did encounter a OAS finding a virus that ODS did not find, Nice! Now my question about not using an email shield (and one cannot if it concerns an SSL/TLS email link) Is that real time scanning/virus detection also true for:
    - junk mail
    - a virus/malware 'at rest' (sitting and waiting to be activated)
    @MJ-perComp wrote:
    [.....]

     As I wrote: do not "scan all files", do not "scan inside archives"

    And you could also lauch a Qucik system scan, that will scan all files used during boot.

     

    HTH


     

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    > Or even better do not run schedules scans at all!

    > Realtime scanning is much more effective!

    > running a scheduled scan additionally does neither provide any additional detecion nor protection/safety!

     

    I cannot agree with this assertion. Today we can see the long-rumored state malware and super advanced mil-ware that really exist, like Stuxnet, Duqu, Flamer, Gauss. It is now fact that these have been "in the wild" for many months, sometimes several years, completely undetected before various weird technical glitches uncovered their existance. After then AV companies could add detection.

     

    If one does not run scheduled scans, he/she will never learn about super-advanced malware residing on the machine, not even in "retro-spective" knowledge. On-access scan only catches the currently active threats, provided the AV product is advanced enough to catch the latest threats as they happened. AV company bosses now admit, this is not true for the most sohisticated milware threats, therefore a customer hit by such malicious code can only hope for retro-spective detection.

     

    That is why regular scheduled scans and preserving "ghost-like" full disk images off randomly selected machines should not be excluded from the corporate / institutional IT-security effort.

     

    Sincerely: Tamas Feher from Hungary.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    in my understanding malware that resides on the HDD is as dangerous as the one that we have on the USB-stick in our table or that is still not even been downloaded from the internet. Only if we start that malware the system is endangered.

     

    Stuxnet, Gauss, Flamer etc. are very sophisticated and ONLY execute their payload when the system matches certain requirements (e.g Gauus will only execute if it does NOT find F-Secure). If they do not do anything they certainly do not trigger behavioural control / blocker.

     

    So yes, if you were running F-Secure in the end you were safe from Gauss (lets say Gauss was frightened or deterred).

     

    Certainly we do not like any malware, but certain minimum IT-security awareness is part of the game too.

     

    Have a nice weekend!

This discussion has been closed.

Categories