
Freshclam.exe Takes Up 50% Of Cpu, Overheats Laptop


9 replies to this topic

#1 elzach

elzach

    Member

  • Members
  • 11 posts

Posted 08 June 2017 - 11:29 AM

I installed the latest version 5.0.2 on Win XP SP3 last Saturday. Everything was running smoothly, except for sfc.exe getting up to 500 MB of ram on boot up, but after a couple of minutes it would drop to 30 MB.

 

Just today freshclam.exe and freshclamwrap.exe reared their ugly heads. A few questions:

 

A. Isn't it strange that I noticed them 6 days after installing, that they didn't come up before?

 

B. Freshclam.exe was running at constant 50% of CPU, overheating my laptop, for about 15-20 minutes. It then died down on its own and sfc.exe ran at 50% of CPU for about 1 minute. Then back to normal.

 

I disabled ClamAV engine. Should I also disable Auto definition updates?

 

Any suggestions? Is this a known issue on Win XP? Thanks!


Edited by elzach, 08 June 2017 - 11:38 AM.


#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 08 June 2017 - 01:04 PM

Hello elzach, no that's not normal behavior. The main process sfc.exe does take up some system resources when first connecting to the cloud or sending a file for analysis, that's actually normal. Freshclam & freshclamwrap are processes associated with the ClamAV engine but they shouldn't be taking up so much system resources for such a prolonged period of time. It sounds like Immunet is having difficulty downloading/installing the ClamAV definition updates on your machine for some reason but if you no longer wish to use the ClamAV engine I would definitely recommend you also turn off the updates for it.

Could there be another security app you're using that's interfering with or blocking any of Immunet's processes (firewall, companion AV or some other behavior blocking/H.I.P.S./sandboxing software)? That's one of the first things you should check if applicable.

 

If you continue to see prolonged system resources still being used by Immunet I would highly urge you to submit a Support Diagnostic Tool report directly to Support. You can find info on how to create and submit a SDT report in our FAQ section of this forum.
 

Regards, Ritchie...


* Immunet Global Forum Moderator *


#3 elzach

elzach

    Member

  • Members
  • 11 posts

Posted 09 June 2017 - 09:13 AM

Thanks Ritchie.

 

No I'm not using any other security app, only Malwarebytes that I run occasionally and the Windows firewall (could that play a role?).

 

Yes I did disable ClamAV auto updates also. So I understand 100%, that means I only don't have offline protection, as in let's say connecting a usb drive with unknown contents while offline, correct?

 

Btw, if I connect a USB drive while online, there is protection, right?

 

Another unrelated question, I noticed I can't run a scan in safe mode, that's to be expected right? I thought it may act like Panda, which does allow that.

 

Thanks again.



#4 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 10 June 2017 - 04:26 AM

I also use Malwarebytes Free as an additional "on-demand" scanner, have for years. There are no conflicts there if you add an exclusion for MB's Program Files folder and create an exclusion for Immunet's Program Files folder with MB too.

 

That is correct, with the ClamAV engine disabled you do lose off-line scanning capabilities but if you have a constant uninterrupted internet connection you're still being protected by the ETHOS & SPERO cloud engines. It's good to leave those on at all times anyway.

 

Immunet does not have automatic USB scanning. However, as soon as you plug in a USB device and Explorer recognizes the drive you can use a right-click context menu scan to verify that the contents are malware free.
 

I know with version 3 you could do a Safe Mode scan unless version 5 is different. I haven't been told that this feature is not supported anymore. Since you do have the ClamAV engine turned off if you run a scan in Safe Mode you'll have to use the option of using "Safe Mode with Networking" so the cloud engines can connect to the internet.
 

Ya know there have been times when people ran into problems because Immunet didn't install correctly. Sometimes an uninstall and reinstall can fix things. If you wanna give that a go when the uninstaller asks you if you plan to reinstall Immunet again choose the "NO" option. This will delete all previous history files & settings. You'll have to adjust the settings again to your liking and add any exclusions you may have added. That might be worth a shot! But, if you still see behavior worthy of Support's attention you could still send that SDT report before you do an uninstall.

 

Cheers, Ritchie...


* Immunet Global Forum Moderator *


#5 elzach

elzach

    Member

  • Members
  • 11 posts

Posted 11 June 2017 - 01:23 PM

Hi Ritchie, thanks.

 

I just confirmed, CANNOT do a scan on "safe mode with networking", even though I had wifi on and brought up my browser. I saw sfc.exe was not running. Can you bring this up with Immunet support? I think it's a major design flaw.

 

So far Immunet is running smoothly since I disabled ClamAV. I may enable it again in the near future to see how freshclam.exe behaves. Forgot to ask, should I add an exception on Win firewall?


Edited by elzach, 11 June 2017 - 01:25 PM.


#6 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 12 June 2017 - 02:42 AM

Thanks for the additional feedback elzach. Did you try to manually launch Immunet once you booted up in Safe Mode (using the Desktop or All Programs icon in the Immunet folder)? If so, it does look like version 5 no longer supports a scan in Safe Mode. I think that's bad too but good I found out so I won't recommend that option to anyone else. It could be a bug as you suggested.

 

Windows Firewall should have alerted you to allow Immunet's processes internet access when you first installed it. You could check it to make sure the processes do have unlimited access, that certainly wouldn't hurt any to see that there are exceptions in place including the processes for ClamAV.
 

Regards, Ritchie...


* Immunet Global Forum Moderator *


#7 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 15 June 2017 - 06:07 AM

My roomy uses an old dinosaur of a machine that has XP Pro SP3 with only 1 gig of outdated DDR memory. He's rather computer illiterate, one of those people that like to use it but not do any real maintenance on it. He relies on me to do that.

I noticed he was still using version 3 so I updated to Immunet version 5 for him. That was a mistake! Immunet 5 & his other start-up apps were using up so much RAM that it would just shut down shortly after booting up because of 100% RAM usage. I had to uninstall Immunet using Safe Mode just to get his old desktop PC to function again! I installed Panda Free Cloud Antivirus (which I helped closed alpha & public beta test with a virtual machine years ago btw) on his machine instead which takes up a much smaller amount of RAM at boot up.


* Immunet Global Forum Moderator *


#8 elzach

elzach

    Member

  • Members
  • 11 posts

Posted 15 June 2017 - 10:04 AM

Hi Ritchie, thanks for the feedback.

 

A few things:

Yes, I did try to run Immunet in Safe Mode, it was basically disabled.

 

My Win Firewall does NOT have any exceptions for Immunet, including sfc and freshclam.

 

I never tried Immunet 3, I actually came here from Panda Free, they FORCED the upgrade to latest version on us and I didn't appreciate that. They installed an upgrade executable which tried to install upon shut down of computer. In probably 20 years of using computers I don't think I ever saw this kind of practice. And btw, there are many complaints about their latest version (which might explain the forced upgrade, since no one would install it by choice!).

 

Now, a couple of new things:

I just did a FULL SCAN, it took about 1.5 hours to scan 80 GB of data, all along running the CPU to 40%-70%. Which means that if you got 1 TB of data, you're looking at a full day's scan!

 

Also, more importantly, it found a false positive: Netfilter2.sys in Windows\system32\drivers\netfilter2.sys

Without this, the virtual network adapter of many VPN programs cannot run. I restored it from quarantine and my VPN works fine again.

Where do we report false positives?



#9 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 16 June 2017 - 05:21 AM

Hi elzach, if there are no exceptions for Immunet you should add them just to avoid possible conflicts with your firewall.

 

Yeah, I use Panda & Immunet as companion AV's. One of the biggest problems with using Panda alongside Immunet is that Immunet will "almost always" quarantine the RarSFX files that Panda uses to update to a new version. So this approach actually can reduce the headache of updating Panda while using Immunet! I'm rather glad they decided to use this method. Besides, it's best to use the newest version of an AV, usually anyway, except for my friend's case of course.

 

Wow! You got 1tb of data on your rig? That's a lot of stuff! I could see why the scan would take so long. Still the CPU usage does seem rather high to me too.

 

If you'd like to submit a FP the best way to do it would be to contact Support directly via email at support@immunet.com. Here's some additional info regarding this matter. http://support.immun...false-positive/

Cheers, Ritchie...


* Immunet Global Forum Moderator *


#10 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,895 posts
  • Location: Oil City, Pa. U.S.A.

Posted 16 June 2017 - 11:10 AM

Thinking about my friend's situation, Bill Gates was once quoted (years ago of course) shortly after the introduction of Windows ME that a user would only need 512 megs of RAM to operate any Microsoft Operating System. Boy, was he wrong on that assumption, lol! I'm currently using Win 7 Ultimate x64 SP1 with 8 gigs of DDR2 DIMM 1066MHz dual channel memory, which is more than enough for my needs. Better to have more than not enough!


* Immunet Global Forum Moderator *




