Jump to content
Homer712

Any Reports of High CPU with Process Lasso Pro

Recommended Posts

I set up a fresh test bed using Windows 7 x64 Ultimate /w SP1.

I downloaded and installed MBAR Beta.

I downloaded and installed Process Lasso.

No problems seen. No excessive resource consumption. 

Rebooted. Still no problems.

Installed MalwareBytes Anti-Malware as well. Still no problems.

I will give Windows 10 a try as well, but Ed has already tested there.

Thus, my next question to anyone seeing this: Have you updated to the latest versions of all products (MB and Lasso)? If so, there must be a third factor...

Share this post


Link to post
Share on other sites

We are also tracking this at the this Bitsum Forum Thread (I linked to this MB thread from there, and now vice-versa). I hope affected users can help me find the difference between our test bed(s) and their systems, then we can either find/develop a work-around, or pass this knowledge to MB developers. It could be another MB product is the culprit. Are there any others I should install?

Edited by bitsum

Share this post


Link to post
Share on other sites

I continue to be concerned about this conflict with Process Lasso once the Anti-Ransomware product gets rolled into Malwarebytes Anti-Malware. Seeing how it is relatively easy for me to revert my system to a prior state, I would be willing to reinstall the Anti-Rasomware beta and test further. What I would need prior to installing (from both Bitsum and Malwarebytes) is an exact list of files/logs/etc. that could possible help in the investigation of the issue. I use my PC laptop mostly for support of a hobby (RC flight) and would not be able to leave the beta installed for much longer than a couple of days (assuming the issue persists) as I use the hobby support application on it on a daily basis. I'll wait to hear back.

Share this post


Link to post
Share on other sites

Hello  and :welcome:

It would be most useful at this point to perform a clean install and closely monitor for the reoccurrence of high CPU resources.  Some of the steps below may not be possible, but please continue:

Rather than a simple re-install of MBARW Beta7 (v 0.9.16.484), please consider a clean install of MBARW Beta7:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta7 was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows 10 x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\
                         C:\ProgramData\MBAMService\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the Malwarebytes Anti-Ransomware BETA 7 Now Available topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

The future request for logs, etc. can only be determined when your observations are reported.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

 

Share this post


Link to post
Share on other sites

Just so I am clear, as in "crystal" from one of my favorite movies . . .

log-in through an Administrator's account. <===IMPORTANT!

Does this web page cover the subject of the Windows 10 "hidden"  Admin account creation correctly?

http://www.ghacks.net/2014/11/12/how-to-enable-the-hidden-windows-10-administrator-account/

If so, I will give it my best shot.

Share this post


Link to post
Share on other sites

@Homer712: As I've written, we've been unable to reproduce the problem at Bitsum. Of course, the issue is definitely not with our code, though apparently something doesn't interoperate well with MBAR in some cases.

Do you have any other security software installed on this PC?

Apologies if I ask questions you've already answered...

Thanks

Share this post


Link to post
Share on other sites

I got a notification of what, I suppose, is now a deleted post. To answer the question posed there: What they meant by 'make sure it is an administrator account' is simply that you login as a non-limited user. That is, one who is a member of the administrator GROUP. For 99% of home PCs, that should be your usual user account. Now, for applications that need to use administrative rights, you do need to allow such by using the 'Run As Administrator', or responding to it's prompt in the case of an existing manifest for that application that specifies Admin rights are required. Don't go hacking anything to unhide the built-in Win7 administrator account!

Share this post


Link to post
Share on other sites

I apologize for the time it took to reply to this topic. I have been following it since the beginning and simply did not want to reply with information until more research and collaborating with our development dept. for mbarw was done.

First I would like to address that MBARW does Not initiate "Hooks all over the systems processes".  There has been other security applications that Process Laso seems to have had conflicts with in the past (based on research) that performs these operations, but this should not be relevant here as the same unsupported methods do not happen within MBARW.

After reviewing the logs on this thread and communicating with development, we will be looking into the conflict discussed here. The good news is that MBARW and Process Lasso look to be compatible and run smooth in nearly all tested cases. When the 2 applications are installed on Virtual Machines and regular machines of Windows 7 and higher (x86 and x64) with modern hardware, the situation discussed in this thread does not trigger. We do start to see signs of the discussed events when we start using (or allocating) older hardware in CPUs and RAM. For example, on a Virtual Machine with only a single virtualized core of 2.40ghz, the 2 applications run fine with MBARW monitoring and CPU sitting at 3% minimum and maximum 20% spikes at large File IO operations. 

 

With the reporting user having a Toshiba Laptop with a 2.2 GHz Celeron 900 CPU (from 2009) and 2 gigs of ram, this seem to be more on the side of lack of resources than an actual defect with either application. The PC is running at the very low minimum requirements for Windows 10 also. These tests also did not (and could not) get tested with the basic applications, settings, and environment any user could also be running on their machine at this time also.

 

But even with the analysis above, we will still be making contact with Process Laso's creator to dive into some more technical research to see what can be done in this current situation to make the user experience more pleasurable for both the user and other softwares in general.

In the end user satisfaction is our too priority. I want to thank Homer712 for bringing this to our attention and helping us with our beta! We also appreciate the response of Process Lassos creator for support.

All users here have helped MBARWs BETA tremendously, and for that we thank you! :)

Share this post


Link to post
Share on other sites

Thank you to both the Malwarebytes folks and Bitsum for looking into this issue. Seems that the thoughts regarding cause/effect seem to be pointing to an older (2009) machine with an outdated (painfully slow by today's standards) CPU. I'll have to address this with my wife as it is she who sets the home budgets :D

The other security programs I have running are Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit and Windows Defender. This PC laptop obviously came new loaded with Windows 7. When I upgraded (?) to Windows 10 I did it via a "clean install" and surprisingly, the performance (startup, launching applications, shut down, etc.) became better, so I stuck with the Win 10 install. For the things i use this laptop for, surfing the web with morning coffee and running the few RC hobby programs that I do, it seems to work.

So possibly, what we have here is a very isolated case, that can be resolved by a hardware upgrade and that does not warrant too much additional attention. Both Malwarebytes Anti-Malware and Process Lasso have both worked flawlessly on this machine under both Win 7 and Win 10 and I'm grateful for the attention my "issue" was given. Unless additional information is requested I will consider the issue at least "identified" if not totally resolved.

Share this post


Link to post
Share on other sites

@Decrypterfixer I agree that resource constraints (too much paging activity?) is possible, as nobody has reproduced this yet. However, I'm not convinced to dismiss it at that.

As for troubles with other security software, that is due to their 'tamper-detection' methods and their infinite, repetitive logging of redundant access attempts to their processes. That does not seem to be the case here.

I apologize for suggesting MBAR injects hooks all over the system, so can you tell us what it does do? This was an assumption on my part based on available data. Is there a file system filter driver?

Thanks

 

Share this post


Link to post
Share on other sites

I Agree, this topic will be closed for now. If there is a reason or more information in the future as a reason to update, i will do so then.

 

Thanks to all participants of the thread!

Share this post


Link to post
Share on other sites

I am happy to report that this issue has been resolved as of Process Lasso v8.9.8.48.

I traced it to a high frequency of OpenThread API calls by the Process Lasso GUI. These are normally benign and quickly handled, but the extra scrutiny by MBARW resulted in this excessive CPU use. To be fair to MB, the frequency of calls was very high, and probably won't be seen in other contexts. I was able to rewrite the affected code to do 0 API calls and achieve the same function (it was some really old code from 10+ years ago, which is why it took a profiling session for me to see it).

I apologize for not fixing it sooner, but we weren't initially able to reproduce the trouble, curiously. Perhaps we didn't try or look hard enough :o. Anyway, I got to it in time and now Process Lasso will have far fewer security software issues in general.

Thank you all for your patience. Now you can have both security of your choice and Process Lasso.

Note that this fix is being pushed out today to our new ProBalance Stand-Alone product (in alpha) and Process Lasso v9 (also in alpha), though only the latter had any real issue.

I have attached a profile image just to show this in a more visual fashion...

profiling_results_lasso_mbarw.png

Share this post


Link to post
Share on other sites

Excellent news bitsum! We are glad you were able to pin point the causing issue between our products, and will look forward to relying in the future that Process Laso is compatible with Malwarebytes Products. Of course it would be greatly appreciated if any Process Laso users here report any new problems that may arrise in the future so we may look into them the same way.

 

Should you need any more assistance BitSum or information, please don't hesitate to reach out again!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.