Slow AV Performance

Just an observation to share. Prior to version 5 I have never experienced degradation in CIS performance, or at least it was far better than any other security suite. In v5, freshly installed a month ago or so, I have noticed increasingly slow performance, but I could not put my finger on it as to the cause.

For a different reason today I decided to try out Microsoft SE. So I switched off the CIS AV component. Since that moment the general performance of the PC is significantly quicker (in its general operation, not specifically during AV scans). It is also quicker despite the fact that I additionally installed Prevx free version to test it out.

For info, CIS AV was on default settings.

Given that MSE detection is reportedly very high, and given that I have experienced better performance than CIS AV component, I am going to find it difficult to remove it and switch back to CIS AV until detection and performance improve.

The rest of CIS suite is working excellently and I would not swap it for anything else on the market now.

Just an observation that I wanted to share. Mods, feel free to relocate somewhere else if more appropriate.

Hi cavehomme. Your topic surprised me and I’m in no way saying you are wrong. I use XP and I have found CIS v5 to perform better than previous versions. I found MSE to be a bit resource hungry with XP but have heard very good reports on Win 7 (I have no experience with Win 7). If you like CAV except for the performance issue I hope a solution is possible. Sorry I’m no help to you, I just think it should perform as well on Win 7 as it does on XP unless there is an underlying problem. Good luck and my brain is rattling. Kind regards.

Same here cavehomme, but I don’t have experience with earlier versions.
I switched to Comodo because of the superb firewall (I still find it superb), but the AV and Def+ are disappointing. My previously immediately reacting pc is now like an old tired man (WinXP).
Especially normal Windows tasks now take ages to perform. A few examples are:
Add/remove programs (load time), before 5 seconds, now 55 seconds.
Delete old restore points, before 5 seconds, now 2 minutes.
As you can see; same performance as when using the useless Symantec products.
I have played with the properties, and have concluded that the only way to get the performance back is to switch off both the AV scanning and the Def+; they share equally their part of the degradation.
I also notice that the AV insists on scanning files that I delete ???
This will obviously lead to performance problems e.g. when deleting old restore points.

Can the two of you make sure there are no drivers around from previously installed security programs? Try using removal tools for those programs. Here is a list of removal tools for common av programs: ESET Knowledgebase.

Otherwise do a Google search with terms “removal tool” and *name of product or vendor*.

Or try the following manual routine to look up left over drivers.

We are gonna take a look to see if some old drivers of your previously uninstalled security programs are still around. First run "set devmgr_show_nonpresent_devices=1" without the quotes from the command prompt. Then go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs right-click → uninstall → reboot your computer.

When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting push Escape and go to Options and choose to hide Windows and Microsoft entries, to include empty locations and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.
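The leftover-driver check described above can also be scripted. This PowerShell script is an added example, not part of the original posts: it lists the driver entries under HKLM\SYSTEM\CurrentControlSet\Services, flags entries whose file is missing, and shows who signed each file. It assumes an elevated PowerShell 3.0 or later prompt; the helper name `Resolve-DriverPath` is hypothetical.

```powershell
# Added example (not from the thread): read-only inventory of driver services.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$Name)
    # With no ImagePath, Windows looks for %SystemRoot%\System32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\dir\x.sys -> C:\dir\x.sys
    if ($p -match '^\\SystemRoot\\(.*)$') {               # \SystemRoot\System32\...
        return Join-Path $env:SystemRoot $Matches[1]
    }
    if ($p -notmatch '^[A-Za-z]:\\') {                    # relative: system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$report = Get-ChildItem $servicesKey | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; skip ordinary services
    if (1, 2 -notcontains $svc.Type) { return }

    $path = Resolve-DriverPath -ImagePath $svc.ImagePath -Name $_.PSChildName
    if (Test-Path -LiteralPath $path) {
        # Catalog-signed drivers can report no signer here; treat that as
        # "look closer", not as proof the file is unsigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                  else { '(no embedded signature)' }
    } else {
        $signer = '(file not found)'   # leftover registry entry, driver file gone
    }

    [pscustomobject]@{
        Service = $_.PSChildName
        Start   = $svc.Start           # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        Path    = $path
        Signer  = $signer
    }
}

# Roughly what Autoruns shows with Microsoft entries hidden
$report | Where-Object { $_.Signer -notmatch 'O=Microsoft' } |
    Sort-Object Signer, Service | Format-Table -AutoSize
```

On 64-bit Windows run it from the native 64-bit PowerShell, otherwise System32 paths are redirected and files can be reported missing when they are not.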

Eric, great suggestions thanks. Did all of that, no traces remaining of anything, and previously I did use the relevant remove tools.

In looking through autoruns there are some strange names, not identified in any way, such as these examples

under HKLM\System\CurrentControlSet\Services

  • cbvd.sys (can’t find anything on google!!!??) Is this anything to do with Comodo Backup?
  • memsweep2 (file not found under image. Could be leftover from Sophos antirootkit, or could even be a rootkit!?)

There is indeed hardly any data on the web about this file.

It looks like this may belong to Comodo back up:

Can you check the file and see if it belongs to Comodo?

Yes the cbvd.sys has a Comodo Digital Certificate.

I also have had one or two other issues such as taskhost.exe asking to connect to internet in recent weeks, which never happened before, so I am afraid that I might have a rootkit despite lots of different scans reporting clean. Tonight I will run the Bitdefender rescue scan to see if it comes up with anything hidden on the disk and report back (sorry that this is getting a bit off topic).

I have some other suspicions about what may be happening, highly speculative and unproven, and I need to troubleshoot more. It’s connected with Reimage which I have used a few times and which replaces various system files if found to be damaged. It replaced rather a lot of files on a relatively new system, so I suspect it may be doing more than replacing just damaged files.

EricJH: I used Avast and uninstalled it with their uninstall tool. Avast did not degrade my pc performance noticeably. I have looked at the drivers, but don’t find anything that looks like Avast. I do, however, find 5 running drivers where the “driverdetails” button is greyed out, so I don’t know what they are. The names are: SASDIFSV, SASKUTIL, SbieDrv, SVKP, VgaSave. I frequently use “Autoruns” to find leftovers from uninstalled programs. No trace of Avast…

cavehomme: No cbvd.sys here, but a deactivated memsweep2.

SASDIFSV and SASKUTIL are SuperAntiSpyware drivers.
Yes, yes, yes I know I forgot about this program. I bought it several years ago and have not uninstalled it although it has never found anything but false positives. Anyway, it can be closed from the systray, it does not make any difference if it is on or off.
SbieDrv is a Sandboxie driver. Yes I have this excellent program installed.
SVKP is a driver for SVK Protector, a software license protection program. I have never installed this program or anything similar. I will deactivate this driver and see what happens.

No diff. with SVKP deactivated.
Btw. “Autoruns” also loads extremely slowly, with cmdagent.exe consuming 100% CPU 88)
I also have Microsoft Defender installed, but do not know how to deactivate it…

Bingo !
Comodo and Windows Defender don’t love each other. :wink:

Add/remove progs, now 15 seconds, and Autoruns loading in no time.

cavehomme: Do you by any chance use Win Defender?

I carried out 2 scans with rescue disks, Bitdefender and Kaspersky, and they did not come up with anything interesting, only some FPs that CIS had already reported, but I am checking these out further.

So back to the original point, for some reason CIS 5 AV slows down this Win 7 32 laptop. It may be connected with Malwarebytes running realtime at the same time possibly, but now that MSE is installed there is no significant performance hit unlike CIS AV. I do seem to recall a few weeks / months ago there was an issue between Malwarebytes and CIS, so maybe it is indeed that.

I believe that I have now found the optimal solution in terms of performance and protection.

Firewall: CIS v5x with D+ enabled, also Execution Control and Sandbox Enabled (Restricted Mode)

AV/M: Prevx realtime with Safeonline.

Excellent performance and I feel highly highly protected. Sorry to say that for the time being Comodo AV is not included.