Defense/Trusted Files takes a lot of time to render the list and display the popup on my Windows XP SP3 system. During this time the process goes into a non-responding state (as also corroborated by Task Manager).
However the display for other sections like Defense/Unrecognized Files or the Firewall/Network Security Policy or Defense/Computer Security Policy is way faster.
S/w :
CIS 5.4.189822.1355 (AV Disabled)
Avast 6.0.1125 AV Only
No running background security service hooks / process from any other s/w.
I figured this is in all probability because of the Avast emulation engine (SF.bin) using Process Explorer, but the query is: is there some handle / process file existence / additional checking which happens for Defense/Trusted Files (60 entries) as compared to Defense/Unrecognized Files (10 entries) which causes this?
Regards
P.S. Apologies, please could a mod move this topic under Help - CIS → Defense+ / Sandbox Help - CIS
There have been problems with Avast AV and CIS where the memory access attempts by Avast upset the self protection of CIS and had cmdagent.exe use lots of CPU cycles. What happens when you add the CIS installation folders to the exclusions of Avast?
I am running Avast 6 on WIN 7 x64 plus Comodo with Defense+ set to safe mode and sandboxing set to limited. No exclusions for Avast 6. Avast 6 settings set to max. on everything. Sandboxing is set off in Avast. My Defense+ alerts are almost instantaneous. Have had zip conflicts between Avast 6 and latest 5 ver. of Comodo.
This might be due to hardware limitations perhaps? I have an AMD quad core 945 Phenom II processor, 8 gigs of RAM, and an nVidia GTS450 graphics card w/ a gig of DDR3 memory.
Tried that premise out too including excluding %INSTALL_FOLDER% and %APP_DATA%, then both. No luck, marginal improvement but that could be perception.
Any suggestions on s/w I could use to debug process intricacies?
@DonZ -
Sandbox feature in Avast is disabled.
Indeed h/w is always a factor but one generally gets to know the feel of his/her system and can gauge performance. In comparison to the other lists this one’s bad.
Have you tried to disable Avast via its toolbar icon and see if your Defense+ popup speeds increase? At least that will tell you if Avast is the issue?
@DonZ -
That will definitely work and it does very quickly, but it’s not a valid integration case. It’s like what EricJH requested, to turn my CIS Sandbox off so that hook will not affect, but that means my Sandbox is off, which is not something I would want.
I did mention at the start I figured this is in all probability because of the Avast emulation engine (SF.bin), but the query is: is there some handle / process file existence / additional checking which happens for Defense/Trusted Files (60 entries) as compared to Defense/Unrecognized Files (10 entries) which causes this?
That’s what we need to identify and feed back to the devs / community.
For instance, in other cases CIS could probably be only picking up entries from the registry and cross verifying it against the MFT, but in the case of Defense/Trusted Files it’s also calculating the hash and checking it against the List of vendors. This of course would mean a file handle is being spawned and hence scans the file signature against its Db, causing the slowdown. But the question again is what is different when CIS populates Defense/Trusted Files as opposed to other lists.
I’ve tried Ragwing’s post; it didn’t improve things by much.
@EricJH After trying suggestion to exclude CIS paths in Avast have noticed a new positive trend: the 1st time display of the list and dialog is still slow but subsequent views of the same are instantaneous - probably memory caching.
This FAQ here describes general approaches to ensuring security programs don’t interfere. Following its suggestions may help resolve the problem by solving a difficulty you don’t know about.
Acknowledged, and yes I should have done the exclusions prior to the topic start, sorry about that. But what I was and am trying to isolate is what portion of the overlap is occurring and why it’s only affecting the display of Trusted Files as opposed to the display of other sections.
Please note am not trying to establish a point or … just trying to do my best to identify what is the region of overlap to specifically identify what’s different in the case of trusted files then feed back.
I’ll try to see if I can manage something using what I know and post back if I do identify something.
At the end, thanks @EricJH & @DonZ and @mouse1 for your assists on this post.