6 Replies Latest reply on Apr 29, 2009 9:02 PM by LANDave

    ScanningProcess.exe

    Apprentice

      The last couple of days, when I come into the office ScanningProcess.exe is running twice, and one of them is taking over 1GB of memory?

       

      Ideas?

        • 1. Re: ScanningProcess.exe
          phoffmann SupportEmployee

          Wow - that's pretty impressive (very BAD, but still impressive).

           

          I'd suggest you contact support to make sure you get the latest AV-engine / patch in the first place (since you don't mention at all what level you're at) - and begin from there? Certainly not a known issue to me at this point.

           

          Paul Hoffmann

          LANDesk EMEA Technical Lead

          • 2. Re: ScanningProcess.exe
            Apprentice

            Thanks Paul,

             

            Core 8.8 SP1 with the hotfix for policy.client.invoker.exe installed.

             

            Interesting note, this paticular machine is mine, so it has the console on it, and I generally leave it running, overnite, only miinimized.

             

            I am not sure how to check the AV scan engine version.

            • 3. Re: ScanningProcess.exe
              LANDave SupportEmployee

              I would also recommend opening a case with LANDesk support, as we are likely to ask you for log files, etc and that may be more appropriate to work within a support case.

               

              The scan Engine version is obtained by double-clicking the shield icon in the system tray and it will say "Scan Engine:" and then display the scanning engine version.

               

              Often when you contact support we will ask you for the version # of one or more of the following files:

               

              AVSERVICE.EXE

              LDAV.EXE

              LDOUTLADDIN.DLL

              SCANNINGPROCESS.EXE

              KAVE.DLL

               

              The good news is that in the next major release of our product, these version numbers will be reported in the AVSERVICE.LOG file, which will save you an aggravating step of hunting down this information, and will save us a step in troubleshooting our product.

               

              A scanningprocess.exe per cpu should be expected by default on a computer.   So a dual-core processor will show two scanningprocess.exe's.   However, it is strange that one of those is consuming 1 gigabyte of memory.

               

              If you decide to open a support case, please zip up all of the log files in the LANDeskAV directory.

               

              You can get to the LANDeskAV directory easily by going to the Run line and typing "Vulscan AV"

               

              As a side note, here are some useful shortcuts that are programmed into Vulscan.exe to open log files or directories:

               

              vulscan av - open LANDeskAV folder (where useful Antivirus log files are stored)

              vulscan c (on later versions of LDMS) - opens the LDCLIENT folder.

              vulscan e - explores the directory containing the vulscan.log files

              vulscan l - opens the vulscan.log file

              • 4. Re: ScanningProcess.exe
                Rookie

                I'm seeing 2 instances also and it's causing a lot of disk thrashing...This is not so much an issue for the higher end pc's but on a low end machine, well it's pretty unusable.

                • 5. Re: ScanningProcess.exe
                  Apprentice

                  Two (or more) copies is normal.  Has to do with the number of processors in the PC.

                   

                  There are some registry hacks that limit the number of copies but IMHO this doesn't do much; one will still take over a lot of CPU and memory while the others just cruise along at low CPU and memory.   My guess is that this was a failed attempt at mult-processor threading.

                   

                  Meanwhile, I've seen it use OVER 1GB of memory on several occasions.   The process, once it runs out of physical memory, begins caching using hard drive as a substitute for physical memory.  In my testing, this happens even BEFORE the PC is completely out of physical memory.   This may be a flaw in the way XP reports memory or it may be a safety to ensure that the system begins caching well before it absolutely needs to.  Either way it slows things WAY down, the hard drive begins swapping memory in and out of physical memory at the same time that the AV is scanning the hard drive.  What a mess.

                   

                  Some things you can do on older machines:

                   

                  1.  Determine if you really need realtime spyware; this takes up to 170MB (if you are on SP2)

                  2.  Under My Computer -> Properties -> Advanced -> Performance Settings, change Visual Effects to "Adjust for best performance"

                  3.  Make sure that My Computer -> Properties -> Advanced -> Performance Settings -> Advanced Tab ->Virtual Memory is set to System Managed Size (remember to hit the SET button and reboot)

                  4.  Make sure that you have all of the patches.  Looks like you are on SP1 which uses less memory than SP2.   SP3 is supposed to be out this week and we'll see if the memory PIGGISHNESS is eased a bit

                  5.  If you are on SP2, make sure you schedule AV scans at a very different time than you schedule inventory or vulnerability scans.   I do inventory scans first, then vulscans, then AV scans, making sure that they never overlap.  Vulscan seems to take about 20 minutes or so on an older XP machine with 1GB (if it doesn't have to load many patches).   LANDesk reports that in the future they will ensure that these jobs are aware of each other... but for right now they don't wait for each other.  Inventory scan sometimes waits for AV but not always.

                  6.  Consider upgrading older systems to 2GB RAM whenever possible- we just finished upgrading ours to 1GB and that does NOT seem to be enough...

                   

                  Good Luck!

                   

                  -B

                  • 6. Re: ScanningProcess.exe
                    LANDave SupportEmployee

                    I would highly suggest installing the latest Antivirus Engine, if you haven't already.  We have reports of a great improvement in both speed and memory usage.

                     

                    http://community.landesk.com/support/docs/DOC-5597

                     

                    However, this patch requires Service Pack 2.

                     

                     

                    Brian,

                     

                    What you may have been seeing for the memory usage was an issue that I observed with our older engine, where on x64 systems (at least) it was consuming memory and disk space when scanning compressed files.  The disk space will still happen regardless, as the compressed file needs to be unzipped prior to scanning the contents.

                     

                    Your advice is great, thanks for the input!