Jump to content

Anti-ransomware layer bogs down formatting

Recommended Posts

I was formatting a MicroSD card, and it was taking an awful lot longer than usual. I opened up the thing I use to track resource hogs, and sure enough, MBAM.exe was bobbing up and down to and from about 6% of total core usage. One by one, I disabled each layer of protection. The highlighted area is where I disabled the Anti-Ransomware layer. The formatting picked up speed after that. Now, since that was the last layer to be disabled, I don't know if it was that layer of realtime protection specifically, or just that any of them at all were running. 


Link to post
Share on other sites

The compatibility issue with Process Lasso and MB Anti-Ransomware (the only known problem) was fixed many months ago and will not return. We also do no hooking at this file-system or device layer, so are doing nothing in that area.

Analysis of the issue did show that MB Anti-Ransomware has a relatively 'heavy' footprint on some of it's low-level hooks.

Now, Process Lasso (again, this is no longer the case), was calling OpenThread with an unusually high frequency, but not an absurd frequency, the CPU should have been able to handle it. Still, that was fixed. We literally do not call that API anymore, gathering the thread status from prior enumerated information we have.

What I am saying is that if Process Lasso had this issue, then other software might. I mean, if an app performs great in a virgin system, a developer passes it on... but then if MBARW is installed and the performance changes, then, well, surprise!

Again, Process Lasso's issue was resolved months ago, and if any evidence exist of an issue with it an MBARW, I would love to hear more (because we test with it now).

I am saying this so nobody assumes this user's use of Process Lasso is the issue. As he shows, the issue goes away with Process Lasso continuing to run. 

p.s. Thanks for being a Process Lasso user ;)

Edited by bitsum
Link to post
Share on other sites

  • Root Admin

Actually, if you would be so kind @gman68w and run the following, then restart the computer and retest formatting the card and let me know if that helped any or not.



1. Open a CMD Window as an Administrator on the target server and enter the following commands:


  • cd %windir%\system32\
  • lodctr /R
  • cd %windir%\sysWOW64\
  • lodctr /R


    Note: This should not affect performance on the machine. This command resyncs the counter values.


2. Open up Regedit and navigate to the following registry key:




3. Make sure that the value (if it exists) for the Disable Performance Counters is not 1.  If the entry does exist and the entry is 1, change it to 0 or delete that entry within the key.  ** PLEASE NOTE ** make sure you contact your system administrator before making changes to the registry, and make sure that you back it up before you delete it.


4. Restart the Windows Management service.


Note: After completing the Microsoft instructions, a reboot is required.



Link to post
Share on other sites

18 hours ago, Aura said:

I was just wondering. I don't know how Proccess Lasso works, so if it had some kind of real-time monitoring, it could have been another issue with the Anti-Ransomware module, but it looks like it isn't.

It is no problem, and since there was a former incompatibility, it was prudent to ask about. Certainly the user should try w/o Process Lasso, to be safe. It just doesn't operate near any of this disk-level or file-system stuff, and the prior GUI (only) bug was fixed in absoluteness, so I'm pretty confident on it - but to be 100% would be arrogance, so don't take anything off the table.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.