Jump to content
Francois_Blais

Malwarebytes 3 seems to slow computer during compiling of programs

Recommended Posts

The latest update indeed fixed the problems I had.

But ultimately I uninstalled MBAM completely because it was slowing down my machine too much.

Share this post


Link to post
Share on other sites

@Francois_Blais quite odd. I have 30 other applications consuming way more resources than Malwarebytes. Disk IO: 0%, CPU: 0.34% Network: 0%, Memory: all programs totaled less than 500K

I know many of the antivirus products these days have significantly reduced their resource usage, but surely you're kidding? During an update, I don't even notice it updates unless I open and watch it. About the only time, it makes a noticeable impact on my system is when it does an actual Threat Scan, but that's true of every single security product on the market. 

Maybe there is/was some type of conflict with something on your system, but as for slowing down the computer I'm just not seeing it on any of my computers and watching resource usage confirms it. Firefox is almost always the biggest resource hog on my system, and at times, can approach using over 2GB of memory and several percents of the CPU. 

Up to you, but if you'd like me to help you take a look at your computer again (been a long time) I'd be more than happy to, just let me know.

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Hi Ron.

The slowdown is extreme when I compile an executable file with the LabView development system. (National Instruments)

The program is configured in MBAM's exclusions, but it doesn't seem to help.

Sole other protection software was MSE.

With MBAM removed, compilation is very fast again.

Sole thing I can think of, is that the executable file is created on a network drive.

Maybe MBAM's IO is much slower on network drives?

 

Regards,

François

Share this post


Link to post
Share on other sites

@Francois_Blais in this situation, you'd actually want to exclude the directory where the compilation happens. For example, my Visual Studio compiles in My Documents\Visual Studio 2015\Projects\<PROJECTNAME> and a subfolder of there, so I've excluded that root Visual Studio 2015 folder.

Share this post


Link to post
Share on other sites

There was a version we had out that did have a conflict with MSE antivirus. Not sure if that is/was your issue but that was fixed. I also found that quite a few computers have a corrupted Performance Monitor setting. The following should be ran on your system to rebuild it and if that was affecting the speed, on reboot you should notice an improved performance in speed.

 

1. Open a CMD Window as an Administrator on the target server and enter the following commands:

  • cd %windir%\system32\
  • lodctr /R
  • cd %windir%\sysWOW64\
  • lodctr /R

This command resyncs the counter values.

2. Open up Regedit and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance

3. Make sure that the value (if it exists) for the Disable Performance Counters is not 1.  If the entry does exist and the entry is 1, change it to 0 or delete that entry within the key.

 ** PLEASE NOTE ** make sure you contact your system administrator before making changes to the registry, and make sure that you back it up before you delete it.

4. Restart the Windows Management service, or better yet, restart the computer.

 

Then doing a clean removal and reinstall of Malwarebytes should get you up and running again.

 

Please read the following topic and then run the Malwarebytes Clean Removal tool mb-clean

https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/

The download link for the tool is:  https://downloads.malwarebytes.com/file/mb_clean


Restart the computer when done and reinstall Malwarebytes 3 with the latest build again.

Here is the link for the latest installer
https://downloads.malwarebytes.com/file/mb3


Thank you and let us know how things go after following the advice above from Devin and Myself.

Ron

 

Share this post


Link to post
Share on other sites

Thanks!

Did all this and about an hour after reboot and reinstallation, the computer froze.

Upon cold boot (had to to a physical shutdown), ransomware protection had turn off itself.

Turned it on.

I did a compile after that, but honestly it seemed the same low speed I got before. (excluded the network drive of course)

I'm going to install CU4.1 (engine 1.0.103) to see if it helps.

 

Later,

François

 

Share this post


Link to post
Share on other sites

Would you mind trying go compile with different protection modules turned off? Under Settings -> Protection you have the option to turn off all of the protection modules, I'd start by turning them all off and verifying your compilation works properly. Then start turning them on and seeing when it gets worse. My guess is either Ransomware Protection or Exploit Protection

Share this post


Link to post
Share on other sites

Good idea!

Will try that and come back with the results after Easter holiday.

 

Best,

François

Share this post


Link to post
Share on other sites

Update:

Maybe you won't believe me, but disabling *all four* protections (web, malware, anti-exploit and ransomeware) don't change anything, no speed improvement!

Sole thing that worked, short of uninstall, was to deactivate the license, converting MBAM to freeware mode and rebooting.

Seems MBAM is still slowing the I/O, even with all protection turned off, wow!

 

MBAMversion.jpg

Edited by Francois_Blais
added version screenshot

Share this post


Link to post
Share on other sites

Can you please run some Process Monitor logs and Process Explorer to show this issue.

Did you run this?

Open a CMD Window as an Administrator on the target system and enter the following commands:

  • cd %windir%\system32\
  • lodctr /R
  • cd %windir%\sysWOW64\
  • lodctr /R

 

What is slow? CPU usage high?

Disk IO high?

 

 

Share this post


Link to post
Share on other sites

Yes, I have run the lodctr commands last week.

For the moment, all I can say is that the whole compilation process takes several times longer than without MBAM.

I'll try to see if I can come up with something more specific.

Do you have some in-house supervisor software which can watch MBAM and generate some logfile?

Or special command-line options to launch MBAM to get logfiles?

 

Regards,

François

Share this post


Link to post
Share on other sites

You can go into the program and under Settings, Event Log Data - turn that on, but I'm doubting that will produce anything useful.

Certainly odd that the compiler would know, care about Malwarebytes and the other way around too.

If we had to we could probably setup a Perfmon Log to see what's going on but knowing if it's a disk IO, Memory, or CPU issue would certainly help us to know which direction to look. On Windows 7, 8, and 10 there is a more advanced Resource Monitor that should be able to help show you what is taking resources during the compile and it's it Malwarebytes then I'd think one of the main resources should show. disk, memory, cpu

 

 

Share this post


Link to post
Share on other sites

Thanks, I'll check with resmon tomorrow.

Do you know a way to get more than 60 seconds of scrollback?

Share this post


Link to post
Share on other sites

I'm not aware of any settings that allow you to change that set time.

The following articles though can help you with better tools to analyze what's going on.

How to Use Resource Monitor to Troubleshoot Unresponsive Applications in Windows 7 and Windows 8
https://www.sevenforums.com/tutorials/12547-resource-monitor-troubleshoot-unresponsive-program.html

How to work with the Performance Monitor in Windows
http://www.digitalcitizen.life/basics-about-working-performance-monitor

 

 

Share this post


Link to post
Share on other sites

Ok, so here's some thought food.

I did graphs with Windows performance monitor. (CPU, memory and disk usage)

Network compile is about 2.3 times slower than local compile.

Disabling all the protections doesn't change anything, profiles are almost exactly the same. (very strange...)

Deactivating the license makes the compile very fast, even across the network.

Note: all compile target directories were in the exclusions

My first impression is that disk I/O speed makes the biggest impact.

Network access is slow when MBAM is real-time, even if all protections have been turned off (web, malware, anti-exploit and ransomware), which is really strange.

LOCAL COMPILE:

MBAM_ON_local_compile.gif

 

NETWORK COMPILE with everything activated:

MBAM_ON_network_compile.gif

 

NETWORK COMPILE with everything turned OFF:

MBAM_OFF_network_compile.gif

 

NETWORK COMPILE in FREE mode:

MBAM_FREE_network_compile.gif

Edited by Francois_Blais
added comments

Share this post


Link to post
Share on other sites

Can you check for updates to your network card and see if that makes any difference.

What is your current network card and driver version?

 

Share this post


Link to post
Share on other sites

Thanks Ron.

It's a Dell computer with a Broadcom netlink gigabit network adapter.

FWIW, I was able to find a newer driver but the compile time went from 3.5 seconds to 4.5, so hardly a success.

I had rebooted after installation of the new driver.

I'm still puzzled about the throughput beeing the same whether the protection is enabled or disabled though, but can live with slower compile times, since I'm not compiling 8 hours a day... :)

 

Best regards,

François

Share this post


Link to post
Share on other sites

@Francois_Blais can you try a couple more things to help us try to narrow down the cause?

First off, please grab the log files mentioned in the following thread:

After that, can you go into Settings -> Protection, turn off all four modules, and also turn off self-protection as well, then try to compile and see if the performance is improved

Share this post


Link to post
Share on other sites

Hi Devin.

Please read posts #11 and #17 in this thread, to answer your second question.

Share this post


Link to post
Share on other sites

There are actually five protection modules, and that's what you disabled earlier. Self-Protection is not a normal Protection Module, as it's designed to keep MB3 protected and not the rest of your system. This is in a separate area of the Settings -> Protection page.

Share this post


Link to post
Share on other sites

Oh, thanks, missed that one, sorry!

I'll check again in a few days and let you know.

However, for some reason, MBAM disappeared from the tray a couple of days ago.

The service is running but not the tray app. Strange.

Share this post


Link to post
Share on other sites

Bingo!

It's the self-protection module that causes the slowdown, even with the other four protections disabled!

I'm attaching the requested files, but I can't include mbamservice.log in the logs because 7-zip complains it's open into another program. (makes sense)

Had to disable self-protection to be able to make a zipfile of the other logs.

Addition.txt

FRST.txt

MB-CheckResult.txt

logs.zip

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.