21 August 2011

I felt that Kaspersky antivirus was taking a lot of resources, generating lots of HDD requests.

 

So I tried to monitor what was going on, and used SysInternals Procmon. BTW, hi and congrats Mark :)

 

I set up a filter targeting avp.exe (one of the main exe files of KAV).

 

After a few hours, the computer became very, very slow. Pretty close to a DoS, with applications yelling they needed to be closed in order to prevent data loss... So I had a look at the "computer panel":

 

disque_210811.jpg

 

Apart from the data drive (D:), there appears to be a real problem with the disk space remaining on C:...

 

There should be 10 GB of free disk space... where did they go? I was about to launch WinDirStat and analyse the whole partition in depth. But just double-clicking on C: revealed something that drew my attention:

 

disk_C_pagefile_210811.jpg

 

Wow... 12.580 GB of pagefile.sys! That explains the only 54 MB remaining on the disk drive...

 

 And what does Procmon say?

 

procmon_avp_210811.exe.jpg

 

See? At the bottom: 24 million events, "backed in page file"...

 

BTW, avp.exe did generate 1.2 million events itself! Around 1 out of 20, that's something. It proves once again Kaspersky AV takes a lot of system resources. Yes, K Labs did find a trick to use fewer CPU cycles (they use the GPU... still system resources), but what about the disk? It can't be replaced by something else!

 

Back to business: Procmon gives up!

procmon_DoS_210811.jpg

 

In a nutshell, here is what I would say to sysadmins:

- be very careful while monitoring system issues with Procmon: you may just crash the system with a pagefile.sys taking all the disk space!

- do not leave less than 10 GB of free disk space on the system partition...
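
The following PowerShell script is an added example, not part of the original post: it starts Procmon with its log in a backing file on the data drive instead of virtual memory, and stops the capture when free space on either drive drops below 10 GB or a time limit expires. The Procmon path, the backing-file path, the 120-minute limit and the polling interval are assumptions.

```powershell
# Added example. Paths, thresholds and variable names are assumptions.
$Procmon     = 'C:\Tools\Procmon.exe'        # assumed install path
$BackingFile = 'D:\procmon\avp_capture.pml'  # events go here instead of pagefile.sys
$WatchDrives = 'C:', 'D:'                    # system drive and backing-file drive
$MinFreeGB   = 10                            # floor recommended in the post
$MaxMinutes  = 120                           # hard stop for unattended captures
$PollSeconds = 30

function Get-FreeGB([string]$Drive) {
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    if (-not $disk) { throw "Drive $Drive not found" }
    [math]::Round($disk.FreeSpace / 1GB, 2)
}

# Refuse to start a capture on a machine that is already below the floor.
foreach ($d in $WatchDrives) {
    $free = Get-FreeGB $d
    if ($free -lt $MinFreeGB) { throw "Only $free GB free on $d, not starting Procmon" }
}

New-Item -ItemType Directory -Force -Path (Split-Path $BackingFile) | Out-Null
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$BackingFile`"")

$deadline = (Get-Date).AddMinutes($MaxMinutes)
$reason   = "time limit of $MaxMinutes min reached"
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $PollSeconds
    # Procmon runs as Procmon64.exe on 64-bit Windows, hence the wildcard.
    if (-not (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue)) {
        $reason = 'Procmon is no longer running'; break
    }
    $low = $WatchDrives | Where-Object { (Get-FreeGB $_) -lt $MinFreeGB }
    if ($low) { $reason = "free space below $MinFreeGB GB on $($low -join ', ')"; break }
}

# /Terminate asks the running instance to stop capturing and exit cleanly.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
Write-Output "Capture stopped: $reason"
```

Procmon's filters only hide events from the display by default; enabling Filter > Drop Filtered Events keeps events that do not match the filter out of the log altogether.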
