with virtual containment - run big setup on default hdd and run browsers there one or two - surf a lot pages data with 2 firefox windows in virt-kiosk; then when go 24 hours or less performance drop - then appears error looks like guard driver thread on system hang and use full one core - only shut down or in most cases pc reset helps;
with turn off o&o defrag service problem appears rare but still exists; (wil ltry turn of sys default defragmantation too but not sure if it’s related or not) looks like virtual kiosk had some problems - maybe it happen when write a lot of data with app started in virt-kiosk…
(additional have default win10 sysmain enabled and vss with 10% of protection - but think it not related to virt-ciosk and firefox issues)…
maybe you see same and known what cause it and how resolve it ???
Hi maxoptimus,
Thank you for reporting.
Could you please provide us exact step to reproduce the issue ? so that we will check and update you.
Any screenshot or video of the issue would be helpful.(Not Mandatory)
Thanks
C.O.M.O.D.O RT
yes, next time will take dmp file and show process explorer screens;
I have using firefox 2 profiles and both hang after some time;
maybe it happen if virt kiosk is full of files, but for now not sure;
today tried cleanup virt container after 20hours of PC on - next will see if issue come back and on what time.
Hi maxoptimus,
Thanks for updating information.
Kindly report back when the issue occured again.
Thanks
C.O.M.O.D.O RT
task mngr screen;
current steps - I have use PC 20 hrs browsing with no issue; (near 8 PM) cleaned virt kiosk; rerun browsers again; after night started slack app (in virt ciosk) chat and close it near 5AM;
additional run outside kiosk nu-torrent, teamviewer and old version of plex server (it sync update metadata from 5 to 9 AM) [but think is not related to that issue maybe];
Now I think maybe it happens after run slack app maybe it use a lot of space for cache and tmp in virt kiosk additional to 2 instaces of diff. fx profiles;
now issue happen after 10 AM and few minutes; fx windows become black and processes in kiosk become not responsive and hang and moreover not able to kill with windows via task manager etc;
windows dmp not sure if it halpfull - that pc for torrent and surf and media; so can share it;
ntoskrnl - 10.0.10240.16724
not sure how to take dmp of system (oskrnl) looks like no access - system or maybe cis protected it;
(will try enable windows mini and full dumps - but afraid it not cause BSOD on shutdown and restart so windows will not run dmp creation - will check if possible to force it or run user access with kernel level…)
list of all cmdguard.sys threads;
__
exists limits for new users so will create one big image or add few replays…
and ordered threads in system process
checked vtroo it had near 1.32 and 1.47 on hdd space;
tried to enable sys crash full dump; as result tried increase pagefile.sys from ~3600 to 6400 Mb as result advenced sys settings hang up too; (very strange - maybe something wrong with virtual mem; not sure if bad block can cause that but I have checked hdd few times already - so teoraticaly any bad sector must be locked from use…);
use tool
notMyfault.exe /crash
- will share any dumps if windows will able to create mini or full;
or will prepare for next hangups;
yes this time got error “Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.”
now will set bigger pagefile - hope on next will able to create full dump;
interested - now when set pagefile.sys to 6400-6400 to take full dump;
issue looks diff. again after 9:00 AM hang only second instance of fx browser with default profile;
it don’t became black this time - but any action in wondows tabs clicks and close not work; (kill it with close via popup small preview on taskbar);
this time system not use 50% (one core) but it use 1500 Mb of Ram; after close hanged fx it go down and back to normal after some time;
afraid some strange issue with virt kiosk and virtual mem usage; still think is cmdguard and virtkiosk bug;
- if will happen again will create dump of that 1500mb or if cmdguard will use 50% (one core) - additional if will have time will try without clear container and see on what time next it will happen again; etc; or will try reduce pagefile and take minidump on next hangups;
Hi maxoptimus,
Could you please check your inbox for pm and respond ?
Thanks
C.O.M.O.D.O RT
ok, will try 1. enable/disable - VirusScope/HIPS;
next will try 10 - 21;
all other can be tested only in VM because will set PC on risk of infection;
All was turn off except containment; (only virusScope was trun off; but additional setting was enabled for apps inside contaimnet);
this time run 2 fx and slack inside virtual kiosk and got 600mb on system and same 50% one core hang on cmdguard thread inside system too; this time after 20:00 (8:00 PM)
this time created dmp hope it will helpfull in fixing; maybe core driver had bugs, etc;
Additional found zip files inside tmp dir not sure is cis files or maybe windows create error reports about that problem.
link to 7z archive 3.7Gb with full dmp (of 6400mb) - https://1drv.ms/u/s!AiHvdBSYY635ij7HYMB5rKKVpZPb?e=fLcyJa
and to dir with zip files from tmp dir - https://1drv.ms/f/s!AiHvdBSYY635ikNQJGN-2yfUigv4?e=R8Hhyz
now turn off virus scope for containment app too - not sure if it work if global off or not; (all other components was already turned off this time - so only 3 apps inside containment;)
if will appears again will try steps 10 - 21; or add more comments;
thx, will add coment if it help or not; additional I think I had turn off default windows defender antivir etc;
Hi maxoptimus,
Thank you for providing the dump file.
We will check and update you.
Thanks
C.O.M.O.D.O RT
few times saw strange issue with CPU usage on explorer on first run after reboot with shortcut to start app inside vkiosk;
not sure if related or not but still happen sometimes; kill explorer and unplug network cable help in that case… (are you sure you not collect some huge ammount of data from pc and apps that use containment ?)
Hi maxoptimus,
Thank you for reporting.
May i know your CIS and win version ?
Are you using any other security software other than cis ?
Thanks
C.O.M.O.D.O RT
windows version same is old PC so don’t want to update;
Win10 - 10240 (2015year build)
and
cis pro 12.2.4.8032 was on beggining - not sure if it autoupdated or not;
based on issues steps looks like it more related to cis virtkiosk maybe cis itself work fine;
(when run one fx and new ms edge same time in containtment looks like work better, but still sometimes strange issues appears - but for now without cis guard driver hangs).
many years ago use kis there but uninstall and switch to cis because your app had virtual enviroment for filesystem changes;
Hi maxoptimus,
Thank you for providing the requested information.
From the above statement we understood that running apps on virutal desktop causes high cpu usage of cis right ?
Are you using license for CIS pro v12.2.4.8032 ?
Thanks
C.O.M.O.D.O RT
