Homer712

Any Reports of High CPU with Process Lasso Pro


I am running Process Lasso Pro and Malwarebytes Anti-Malware Pro on a Windows 10 Toshiba laptop. The high CPU usage is coming from Process Lasso Pro when Malwarebytes Anti-Ransomware is running (active). As soon as I exit Malwarebytes Anti-Ransomware the CPU usage for Process Lasso Pro drops to nil. As soon as I restart Malwarebytes Anti-Ransomware, Process Lasso Pro CPU usage goes back up to a very high level. Any prior reports of this?


Need to add that once I quit Malwarebytes Anti-Ransomware I was not able to restart it via the task bar icon. A restart seemed to do the trick and now with Malwarebytes Anti-Ransomware running, Process Lasso Pro has settled back down to normal. Possibly this was just a one-time issue (after initial install) and a reboot has fixed whatever issues I was having.


Spoke too soon. The issue seems repeatable. I can now turn Malwarebytes Anti-Ransomware on/off via the task bar icon (right click) and with each "on" of Malwarebytes Anti-Ransomware CPU load goes to 100% with Process Lasso Pro taking the lion's share, and with each "off" of Malwarebytes Anti-Ransomware the CPU load goes to nil, with Process Lasso Pro at near zero CPU load.


Hi Homer :)

The same issue existed with Emsisoft Internet Security, and Process Lasso's dev had to take it up with Fabian (Emsisoft's CTO) to work on the issue.

https://support.emsisoft.com/topic/18705-eis-consuming-cpu-because-of-process-lasso/

It seems like the issue comes from Process Lasso, and not Malwarebytes Anti-Ransomware. I would try to add Process Lasso folders, executables and processes to the Exclusion list, and if that doesn't fix the issue, bring it up directly with the program's dev, since the issue is most likely on his end.


Hello Homer712:

Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.


I am the author of Process Lasso. I was notified of this interoperability issue by users a while back.

Please, I do not mean to sound confrontational, but:

Am I clear that your position is that you develop software that injects hooks all over the system, changing the performance characteristics of the OS and all running applications, then blame the other applications for any problems?

Now, if there is anything I can do to mitigate this issue, please let me know. However, I need to understand the nature of the issue, and haven't yet had time to ferret it out. Could we cooperate, as opposed to passing the buck? 

Thanks!
 


Hi bitsum,

Nice to see that you registered here to talk about this issue. I'm aware of the issue your program had with Emsisoft in the past, and that you brought it up with Fabian at the time to solve it. I was kind of hoping that the same would be happening here since it seems to be a sensible issue. I'm not a Malwarebytes employee, so I'll wait for one to step in.  @Decrypterfixer (Nathan) would be the best person to contact about this. He should be notified of this thread since I quoted him.


Thanks! I'll set up a test bed, and have Ed (our QA guy) keep an eye on this as well. If I can do something (within reason), then I will. However, when an application (MBAR) injects so many hooks all over the system to intercept activity, the burden to retain proper system functionality really is with *that* application. Process Lasso, by contrast, does not inject any hooks outside its application, so it's entirely self-contained.

If MB developers would like to move this to a private conversation, please email jeremy@bitsum.com .

Edited by bitsum


Homer712, can you give any more info as to when you see this and what kind of CPU% are we talking about?

I have a Win10 VM with PL and MAM Pro beta but not seeing any problems.

 

Ed (QA of Bitsum)

Edited by edkiefer


I reported high CPU usage to Bitsum less than 24 hours ago.  They were very quick to reply and explain the issue I am having. From my understanding the culprit appears to be Malwarebytes Anti-Ransomware BETA.  I suppose this is to be expected when dealing with a BETA product.  I am just glad to understand that my Process Lasso is in fact working in the same way I have known to trust it for many years as soon as I 'Stop Protection' using Malwarebytes Anti-Ransomware BETA. I hope to see a solution to this problem soon as both are important tools on any machine.


In the time that has passed I have removed MAR Beta and kept Process Lasso Pro. My concern is what happens when Anti-Ransom is rolled into Anti-Malware.

Laptop information is as follows:

Windows 10 Home (x64) (build 10586)
Install Language: English (United States)
System Locale: English (United States)
Installed: 4/24/2016 11:28:42 AM
Servicing Branch: Current Branch (CB)
Boot Mode: BIOS (Secure Boot not supported)

TOSHIBA Satellite C655 PSC08U-02D01D
System Serial Number: 6A187318Q

2.20 gigahertz Intel Celeron 900
64 kilobyte primary memory cache
1024 kilobyte secondary memory cache
64-bit ready
Not hyper-threaded

Board: TOSHIBA Portable PC Base Board Version
Bus Clock: 800 megahertz
BIOS: INSYDE 1.70 07/07/2011

3964 Megabytes Usable Installed Memory

Slot 'DIMM0' has 2048 MB (serial number 93CA9505)
Slot 'DIMM2' has 2048 MB (serial number FB33F190)


HJT isn't supported anymore, and doesn't support Windows 10. If you need a diagnostic set of logs, I would suggest you grab FRST logs instead :)


Ok, maybe HijackThis is not fully supported in Win10 (I did get a HOST write error), but for what I want it is more than enough, but FRST would be fine too.

I am just mainly looking at startup/running processes and services, as I don't care on the AV/security side :)

Edited by edkiefer


HJT won't accurately report these, while FRST will :) So the FRST.txt (standard output) should be enough.


Hi Ferds :)

There's already a thread that reports this issue, so I don't think there's a need to start a second one. In fact, you even posted in it.

It would be better if all the information was centralized in one thread, rather than have everyone here start their own thread, as it would make the support process harder.


Hello Ferds:

Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach those zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.


Hello Homer712:

A possibility exists that the system's MBARW Beta logs were not removed.  Please attempt to retrieve the logs directory.

  1. Hold down the Windows Key + Press "R". If successful, a Run window will open.
  2. Type, or Copy and Paste, the following in the Open: textbox: "%ProgramData%\Malwarebytes\MBAMService\logs" (Please include both quote characters).
  3. If the last step was successful, an explorer window may be seen containing files.  Please highlight all files in this directory by typing Ctrl + A.
  4. With all files selected, right-click any file and click "Send to" >> "Compressed (zipped) folder".  The .zip file should be sent to the desktop.
  5. If successful, a new zip file will have been created on the desktop. Please rename this file MBARW-LOGS.

If the directory was still there, please attach the zipped archive to your next reply.

Thank you.

Edited by 1PW


Sorry, but although the directory is there C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs it only contains logs for Anti-Malware. There is a second directory for Anti-Exploit but there are no log files in that folder. Sorry.

I'm not surprised though. It is my habit, prior to installing any software, especially beta, to make a backup image (I use Macrium Reflect) of my hard drive. If things go wrong, rather than going through an uninstall (at times not everything truly gets uninstalled) I just re-image my hard drive with the backup.


This is under investigation. The fact that the CPU utilization appears within ProcessLasso.exe's instance does not mean it 'comes from' Process Lasso, as odd as that may sound. That is because MBARW hooks are present in that process's context.

I, the author of Process Lasso, am investigating this issue to determine if there is anything I can do on this end, or if there is any guidance I can give Malwarebytes. It would be helpful for a developer on their end to engage in this as well. I'm certain that if this interoperability issue exists within Process Lasso, then it surely does in other applications as well.

As for what can be done in the interim... It's possible, though not proven, that disabling the 'Process Icons' in the View menu of Process Lasso's GUI can mitigate the problem. This reduces disk accesses, which may be what MBARW is getting hung up on. If all else fails, you can set the Process Lasso GUI to start manually, since the core engine (processgovernor.exe) does all the rule enforcement. The system tray icon won't be present in this configuration, but Process Lasso's real-time optimization and automation algorithms will all be active.

This thread should be merged with the other I suppose.

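One way to check the point made in the post above, that CPU time billed to ProcessLasso.exe can be spent in another product's code running in that process's context. This is an added PowerShell example, not code from the thread or from either vendor; it assumes the process name `ProcessLasso` and an elevated 64-bit PowerShell session, and the function names are illustrative.

```powershell
# Added diagnostic example (not from the thread). Run in an elevated 64-bit PowerShell.
# Assumption: the GUI process is named "ProcessLasso" (ProcessLasso.exe in the post above).
param([string]$Name = 'ProcessLasso', [int]$Seconds = 10)

function Get-CpuSplit {
    param([System.Diagnostics.Process]$Process, [int]$Seconds)
    # Sample user-mode and kernel-mode CPU time over an interval.
    $Process.Refresh()
    $u0 = $Process.UserProcessorTime
    $k0 = $Process.PrivilegedProcessorTime
    Start-Sleep -Seconds $Seconds
    $Process.Refresh()
    [pscustomobject]@{
        UserSeconds   = [math]::Round(($Process.UserProcessorTime - $u0).TotalSeconds, 2)
        KernelSeconds = [math]::Round(($Process.PrivilegedProcessorTime - $k0).TotalSeconds, 2)
    }
}

function Get-ForeignModule {
    param([System.Diagnostics.Process]$Process)
    # Modules whose files live outside the application's own folder and outside %SystemRoot%.
    $appDir = (Split-Path -Parent $Process.MainModule.FileName).TrimEnd('\') + '\'
    $winDir = $env:SystemRoot.TrimEnd('\') + '\'
    $Process.Modules |
        Where-Object {
            -not $_.FileName.StartsWith($appDir, [StringComparison]::OrdinalIgnoreCase) -and
            -not $_.FileName.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object {
            # Record who signed each foreign module so its vendor can be identified.
            $sig = Get-AuthenticodeSignature -FilePath $_.FileName
            [pscustomobject]@{
                Module = $_.ModuleName
                Path   = $_.FileName
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            }
        }
}

$proc = Get-Process -Name $Name -ErrorAction Stop | Select-Object -First 1
Get-CpuSplit -Process $proc -Seconds $Seconds | Format-List
Get-ForeignModule -Process $proc | Format-Table -AutoSize
```

Run it once with the other product's protection on and once with it off. A large `KernelSeconds` share means the time is being spent in kernel-mode code executing on the process's threads, and the module list shows which third-party user-mode components are loaded into the process.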

I sent a PM to an Admin, and asked them to ask someone from the MBARW dev. team to take a look at both the threads on this issue. Hopefully, someone from the team will communicate with you shortly and you'll be able to work together to solve that issue.


Hello Homer712:

I appreciate the try.

Thank you.
