Unexplained file access (on startup)

Hi!

First, thank you for a fantastic product!

I have a small issue, hoped anyone might be able to shed some light.

I have CIS installed and updated to the latest version. Upon every system boot, most of the PE-format (e.g., executables, DLLs and etc.) files on my D: drive are being scanned. I know this simply since task manager indicates that the disk activity (and the access to these particular files) is sourced in in cavwp.exe (that is, if I manage to open Task Manager fast enough, before the scanning has taken place).

This slows down machine start up significantly (for about a minute). At some points, opening a browser, which would otherwise happen instantly, could take about 40-50 seconds (even the mouse would lag, as the system struggles to re-paint the cursor). After that initial phase which happens shortly after system boot, everything resumes working properly. Permanently disabling the AntiVirus module alleviates the said issue.

What’s strange is that I have absolutely no scheduled scans set, nor do I have boot time memory scanning enabled.

Is this something known?

Thanks a lot!

Is your d drive an internal or external?

I noticed that each time I start Firefox with a USB stick present CIS will report angry ip scanner (on the stick) may be a virus. That happens only with FF. I guess FF checks the system and CIS of course witnesses this.

Hi!

Thanks for replying!

This happens with an internal logical drive, which, in fact, are just two hard drives configured in RAID 0 mode. The drives are not connected via an adapter which presents itself as a SCSI drive, thus is not recognized by the operating system as removable but as a regular, internal drive.

I will try to quickly launch ProcMon, in order to see what is accessing the said files, besides CIS. It sounds correct that CIS could be triggered by another application which is accessing these files. Let me check and I’ll be right back.

Thanks.