Jump to content
COBKA

Avast Service High CPU and Malwarebytes Web Protection

Recommended Posts

Maybe of interest to some on this forum I have noticed the Avast Service regularly using 50% CPU on one of my laptops (Win 7 64 bit). I did some trials of closing some software whilst watching Task Manager Performance Monitor and lo and behold when I closed Malwarebytes (the latest component 1.0.527 version) the CPU usage of Avast Service immediately fell to zero. I then tried just turning Malwarebytes Web Protection off, rather than exiting the software, and got the same response. So it looks like there may still be some compatibility issue there. I have another laptop with the same software in play and as yet I haven't noticed the same high CPU usage but it maybe something for others to look out for.

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Thanks for reporting this.  Yes, it definitely sounds like there could be some remaining conflict there, and well done on fleshing it out :) 

If you haven't already, it might also help to add exclusions to each program for the other.  The items to exclude for Malwarebytes in Avast can be found in this support article and as for Avast, excluding its folder under Program Files/Program Files (x86) and any of its data folders (likely under C:\ProgramData and/or C:\Users\<user name>\Application Data) along with any individual Avast drivers located under C:\Windows\System32\drivers should be sufficient.  You can likely determine where the majority of Avast's active components are located using a tool such as MS Sysinternals Autoruns and looking for items belonging to Avast (especially for non-EXE items like drivers that don't show up in Task Manager etc.).

In the meantime I'll report your findings to the team for testing.

Thanks

Edited by exile360

Share this post


Link to post
Share on other sites

Further to exile360's post I should have also confirmed that the Malwarebytes folders and drivers were already exceptions in Avast and the Avast Program Files and Program Data folders excluded in Malwarebytes. I'm not sure what the Avast drivers are in order to add them to Malwarebytes exclusions but maybe that is something I will look into!

Share this post


Link to post
Share on other sites

As a counterpoint, I'm running Win 7 Ultimate SP1 x64 / Avast Premier (latest/fully armed) / MBAM (latest/fully armed), with no signs of conflict. On average, both MBAMService / AvastSVC typically using < 1% CPU each, according to Process Explorer. I've been watching closely since the CU 1.0.527 was installed.

Share this post


Link to post
Share on other sites
18 minutes ago, AnotherConcernedCitizen said:

As a counterpoint, I'm running Win 7 Ultimate SP1 x64 / Avast Premier (latest/fully armed) / MBAM (latest/fully armed), with no signs of conflict. On average, both MBAMService / AvastSVC typically using < 1% CPU each, according to Process Explorer. I've been watching closely since the CU 1.0.527 was installed.

Yep, it's likely that this issue is system/hardware/configuration specific.  The OP even mentioned they had another system where this issue was not occurring so it may well be something of a corner case, like it only happens when using certain drivers/network cards or something like that.

In fact, for the affected system it would be good to get some additional info as that will help the QA/test team validate the issue which will aid them in helping the Developers to track down the cause and eventually find a solution so for the affected system please do the following:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Next, please do the following:

Create a List of Loaded Drivers:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    sc query type= driver>>"%userprofile%\desktop\drivers.txt"
    del /f /q %0
    Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Drivers.bat(the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes you will find a new file called drivers.txt on your desktop; please zip and attach it to your next reply.

And finally, please do the following:

Provide System Specifications:

  • Please download Speccy from here and save the ZIP file to your desktop or another location where you can easily find it.
  • Right-click the file select Extract All... then click Extract in the window that pops up and it should be extracted to a folder in the same location as the ZIP file you downloaded.
  • Open the extracted folder and then double-click on the version of Speccy appropriate for your system (select Speccy.exe if using a 32 bit Windows version or Speccy64.exe if you are running a 64 bit version of Windows) and click Yes, OK or Allow if prompted by User Account Control.
  • Once the program starts it will analyze your system, please be patient as it may take a few moments to complete.
  • Once it finishes and none of the areas say Analyzing click on the File button at the top and select Save Snapshot...
  • Save the file to your desktop and click Ok to confirm
  • Go to your desktop and right click on the file you just created and hover over Send to and select Compressed (zipped) Folder
  • Please attach the zip file you just created to your next post

All this is optional, but it likely would help to track down the root cause of this issue more quickly.  If you could do the same on your system where this issue is not present, that could be helpful as well since it will provide an example from a system that is affected by this issue as well as one in the same environment that is not.

Share this post


Link to post
Share on other sites

Yes I'm sure that exile360 is correct and this is system/hardware/configuration specific because I'm actually running a number of other systems with Avast Free and MBAM Premium and haven't noticed this behaviour. I only mention it here because high CPU usage by Avast Service has been reported on the Avast Forum from time to time and I notice one or two of those posters were also using Malwarebytes software. The affected system is a pretty ancient Sony Vaio and I'm not so conerned because its reaching the end of its usefulness anyway!

 

mbst-grab-results.zip

drivers.zip

VAIO.zip

Share this post


Link to post
Share on other sites

Thanks for the logs/data.  I'll ping a member of the team to take a look/pass them on to the Developers.

@tetonbob or @LiquidTension could one of you guys please grab the logs provided to help QA/Dev investigate this issue with Avast?  It appears to be a corner case that is likely specific to certain hardware and/or software configurations.

Share this post


Link to post
Share on other sites

Thank you for reporting, COBKA. To confirm, the high CPU usage is experienced with the Avast service named  "avast! Antivirus" (that points to C:\Program Files\AVAST Software\Avast\AvastSvc.exe)?

Please reproduce the high CPU usage with AvastSvc and then carry out the steps below so we can obtain a memory dump.

MgeHyNE.png ProcDump (Memory Dump)

  • Please download the attached procdump.zip.
  • Open your Downloads folder.
  • Right-click HSPwQfy.png procdump.zip and click Extract All... followed by Extract.
  • Reproduce the high CPU usage with AvastSvc.
  • Locate the extracted procdump folder inside your Downloads folder. Open the procdump folder.
  • Right-click CX41PDv.png memory.bat and select AVOiBNU.jpg Run as administrator to run the file.
  • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
  • Wait 10-30 seconds and the Command Prompt will eventually disappear.
  • Return to the procdump folder. Inside you should now find a file with a .dmp extension.
  • Right-click the .dmp file and click Send to followed by Compressed (zipped) folder.
  • This will create a Zip file in the folder. Please attach the HSPwQfy.pngZip file in your next reply

procdump.zip

Edited by LiquidTension

Share this post


Link to post
Share on other sites
4 hours ago, LiquidTension said:

Thank you for reporting, COBKA. To confirm, the high CPU usage is experienced with the Avast service named  "avast! Antivirus" (that points to C:\Program Files\AVAST Software\Avast\AvastSvc.exe)?

Please reproduce the high CPU usage with AvastSvc and then carry out the steps below so we can obtain a memory dump.

MgeHyNE.png ProcDump (Memory Dump)

  • Please download the attached procdump.zip.
  • Open your Downloads folder.
  • Right-click HSPwQfy.png procdump.zip and click Extract All... followed by Extract.
  • Reproduce the high CPU usage with AvastSvc.
  • Locate the extracted procdump folder inside your Downloads folder. Open the procdump folder.
  • Right-click CX41PDv.png memory.bat and select AVOiBNU.jpg Run as administrator to run the file.
  • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
  • Wait 10-30 seconds and the Command Prompt will eventually disappear.
  • Return to the procdump folder. Inside you should now find a file with a .dmp extension.
  • Right-click the .dmp file and click Send to followed by Compressed (zipped) folder.
  • This will create a Zip file in the folder. Please attach the HSPwQfy.pngZip file in your next reply

procdump.zip

Right-click CX41PDv.png memory.bat and select AVOiBNU.jpg Run as administrator to run the file.

Right click of the memory.bat file does not give me that option. I have Open, Cut, Copy, Delete Properties.

In the folder there is Eula.txt, memory.bat and procdump.exe

Share this post


Link to post
Share on other sites
4 minutes ago, COBKA said:

Right-click CX41PDv.png memory.bat and select AVOiBNU.jpg Run as administrator to run the file.

Right click of the memory.bat file does not give me that option. I have Open, Cut, Copy, Delete Properties.

In the folder there is Eula.txt, memory.bat and procdump.exe

Please ensure the files inside the procdump.zip file are extracted first (right-click procdump.zip > Extract All... > Extract). You'll then have the option to run the memory.bat file as administrator.

Share this post


Link to post
Share on other sites

Apologies was looking in the procdump folder insider the procdumpzip folder - there is another folder in the Downloads Folder called procdump which in turn contains a folder called prodump and that has the correct batch file! Will run again when I get the CPU spike.

Share this post


Link to post
Share on other sites
12 hours ago, LiquidTension said:

 

  • Right-click the .dmp file and click Send to followed by Compressed (zipped) folder.
  • This will create a Zip file in the folder. Please attach the HSPwQfy.pngZip file in your next reply

procdump.zip

Hi LT,

I had a spike of AvastSvc.exe at 90-100% CPU and ran the batch file. The system got a bit unstable and I couldn't even close MBAM to stop the spike. The zip file produced is 185 mb so can't attach here. Do you want me to upload it somewhere?

Share this post


Link to post
Share on other sites

Yes, please upload the file to WeTransfer.com. Here are the instructions:

  • Open the WeTransfer.com website.
  • Click Add your files, navigate to your Desktop and double-click the Zip file.
  • Click (...) and select the link radio button under Send as.
  • Click Transfer.
  • Copy the download link and paste into your post.

Share this post


Link to post
Share on other sites

There are 2 instances of the spike here. The 90-100% CPU spike mentioned above and the more normal pattern of 50% AvastSvc.exe CPU peak which can be immediately reduced by turning off MBAM Web Protection temporarily.

https://we.tl/t-l88afvr7jd

Share this post


Link to post
Share on other sites

Thanks!

We've just released a new beta version of Malwarebytes.

Details can be found here: https://forums.malwarebytes.com/topic/242033-mb37-beta/

Could you give this a try and check if the issue still occurs. To install this beta version, please refer to the steps below.

  • Open Malwarebytes and click Settings followed by the Application tab.
  • Scroll down to Beta Application Updates and turn the option On.
  • Click OK when prompted.
  • Scroll back up and click Install Application Updates.

Share this post


Link to post
Share on other sites

I have been running with the new beta version for 8 hours without a AvastSvc.exe CPU spike so far. I think it looks very encouraging.

Share this post


Link to post
Share on other sites
13 hours ago, COBKA said:

I have been running with the new beta version for 8 hours without a AvastSvc.exe CPU spike so far. I think it looks very encouraging.

Thank you for the update!

Please continue to monitor the situation and let me know if you encounter any further issues. If it returns, please generate a new memory dump in the same manner as before and upload to WeTransfer.com.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.