BleepingComputer.com: Real Time scanning

Is it ok for an antivirus' real time scan to use over 200,000K of memory?

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.

• The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  
• Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS).
  
• Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  
• Type of scan performed: Deep, Quick or Custom scanning.
  
• What action has to be performed when malware is detected.
  
• A computer's hard drive size.
  
• Disk used capacity (number of files to include temporary files) that have to be scanned.
  
• Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  
• Whether external drives are included in the scan.
  
• Competition for and utilization of system resources by the scanner.
  
• Other running processes and programs in the background.
  
• Interference from malware.
  
• Interference from the user.

Some anti-virus programs are resource heavy even while they are not scanning. What are you using?

I'm using Symantec AntiVirus version 10.1 (SAV), it's at its end of life (I heard it's possible to migrate to the new Symantec EndPoint Protection, but the zip file is like 500 MB and I don't think it worth getting 500+ MB for SEP...).

SAV rtvscan.exe is using more than 200,000K of mem usage. Each time it reach over 200,000K, I have to use Quick Scan to make it reduce to 70,000K of mem usage. Sometime, using quick scan won't reduce it... Plus, the quick scan is terrible, it only scan ~750 files

Someone helpful recommended me of getting Avast or Avira. I think both are pretty good but I don't know if it worth to uninstall the FULL version of SAV and install the FREE version of Avast or Avira. (I kinda hesitate)

This post has been edited by Pat(rick): 26 March 2011 - 01:06 PM

Although Symantec (Norton) is as good as any other well known anti-virus program, it requires numerous services and running processes that consume system resources and often results in complaints of high CPU usage. I have read from other users that Symantec has improved the newer versions while others say differently. However, Symantec products can be difficult to remove and remnants are often left behind which require the use of a special removal tool, otherwise you may encounter problems installing a replacement anti-virus. To be fair, other vendors are also using removal tools for the same reason. Those issues plus the cost factor are the primary reason many folks look for a free alternative.

My personal choice is NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint or one of the following if choosing a free alternative.

• avast! Free Antivirus
  
• Microsoft Security Essentials
  
• Avira AntiVir Personal - Free Antivirus

I heard SAV will stop providing definitions in 2012 which mean Live Update won't give any new definitions.

Will I be disadvantageous if I switch to a free antivirus? (I've to find the features of my discontinued SAV and so far it only says Antivirus and Antispyware...)

I kinda don't like when it runs many processes.

This post has been edited by Pat(rick): 26 March 2011 - 04:42 PM

Pat(rick), on 26 March 2011 - 12:57 PM, said:

• How do you measure the amount of memory, do you use Task Manager?
  
• What version of Windows?
  
• What is the title of the column that lists 200,000K for rtvscan.exe?

1. I check in Task Manager
2. Windows XP pro. Service pack 3
3. Rtvscan.exe | SYSTEM | 00 | around~230,000K

Pat(rick), on 28 March 2011 - 04:36 PM, said:

No, I mean the title of the column. Is it Mem Usage?

Yes Mem Usage

OK, are you familiar with Process Explorer?

If so, can you go to View / Select Columns... and make sure columns Virtual Size and Private Bytes are selected. And then report the amount of memory?

I'm sorry, I don't know where the process Explorer is and I never use it yet. (So I downloaded it.)

I wonder if the report is only by clicking File -> Save

I hope this is the right one

Process PID CPU Private Bytes Working Set Description Company Name Virtual Size
Rtvscan.exe 1636 61,432 K 60,356 K Symantec AntiVirus Symantec Corporation 400,080 K
iexplore.exe 5320 46,552 K 59,860 K Internet Explorer Microsoft Corporation 349,076 K
YahooMessenger.exe 5480 82,444 K 20,340 K Yahoo! Messenger Yahoo! Inc. 269,548 K
iexplore.exe 2908 67,016 K 79,016 K Internet Explorer Microsoft Corporation 264,692 K
iTunes.exe 3416 28,004 K 12,448 K iTunes Apple Computer, Inc. 249,492 K
svchost.exe 1352 18,336 K 28,476 K Generic Host Process for Win32 Services Microsoft Corporation 155,984 K
explorer.exe 2636 26,372 K 12,156 K Windows Explorer Microsoft Corporation 152,512 K
iexplore.exe 2072 12,280 K 916 K Internet Explorer Microsoft Corporation 105,460 K
ipoint.exe 2848 0.78 12,436 K 17,624 K IPoint.exe Microsoft Corporation 90,300 K
itype.exe 3760 12,356 K 17,672 K IType.exe Microsoft Corporation 84,756 K
procexp.exe 1264 2.34 10,164 K 15,084 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com 82,404 K
procexp.exe 4248 10,320 K 6,352 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com 81,524 K
csrss.exe 972 2,044 K 7,972 K Client Server Runtime Process Microsoft Corporation 68,652 K
winlogon.exe 996 9,844 K 2,616 K Windows NT Logon Application Microsoft Corporation 67,852 K
svchost.exe 1224 3,608 K 5,768 K Generic Host Process for Win32 Services Microsoft Corporation 65,556 K
SPBBCSvc.exe 136 6,148 K 4,560 K SPBBC Service Symantec Corporation 64,972 K
VPTray.exe 4864 3,956 K 8,888 K Symantec AntiVirus Symantec Corporation 57,624 K
svchost.exe 1708 3,504 K 7,504 K Generic Host Process for Win32 Services Microsoft Corporation 50,412 K
spoolsv.exe 232 3,976 K 7,188 K Spooler SubSystem App Microsoft Corporation 49,208 K
YahooAUService.exe 2492 5,204 K 7,828 K AutoUpater Service Module Yahoo! Inc. 45,272 K
SbieCtrl.exe 1056 1,964 K 6,328 K Sandboxie Control SANDBOXIE L.T.D 44,512 K
ccEvtMgr.exe 1972 4,600 K 3,960 K Symantec Event Manager Service Symantec Corporation 43,740 K
lsass.exe 1052 4,432 K 1,672 K LSA Shell (Export Version) Microsoft Corporation 42,756 K
wmiprvse.exe 2272 2,440 K 7,012 K WMI Microsoft Corporation 42,480 K
AirPlusCFG.exe 784 2,952 K 6,280 K D-Link Wireless LAN Monitor D-Link 41,268 K
WZCSLDR2.exe 964 2,956 K 5,284 K ANIWZCS2 launcher for Windows. Wireless Service 40,300 K
wmiprvse.exe 740 2,056 K 5,140 K WMI Microsoft Corporation 39,020 K
svchost.exe 1656 2,812 K 4,940 K Generic Host Process for Win32 Services Microsoft Corporation 38,916 K
svchost.exe 1312 2,180 K 4,852 K Generic Host Process for Win32 Services Microsoft Corporation 38,772 K
LVCOMSX.EXE 3708 2,168 K 3,960 K LVCom Server Logitech Inc. 38,552 K
ccApp.exe 2432 4,600 K 7,952 K Symantec User Session Symantec Corporation 38,224 K
jqs.exe 768 2,436 K 1,396 K Java™ Quick Starter Service Sun Microsystems, Inc. 37,816 K
iTunesHelper.exe 4768 1,280 K 4,696 K iTunesHelper Module Apple Computer, Inc. 37,124 K
DefWatch.exe 668 1,972 K 4,788 K Virus Definition Daemon Symantec Corporation 36,688 K
svchost.exe 492 1,436 K 3,936 K Generic Host Process for Win32 Services Microsoft Corporation 36,684 K
igfxtray.exe 2120 1,072 K 3,596 K igfxTray Module Intel Corporation 35,988 K
ccSetMgr.exe 1932 4,488 K 4,480 K Symantec Settings Manager Service Symantec Corporation 35,980 K
dpupdchk.exe 3992 2,032 K 2,988 K dpupdchk.exe Microsoft Corporation 35,920 K
alg.exe 3844 1,308 K 3,744 K Application Layer Gateway Service Microsoft Corporation 33,584 K
iPodService.exe 880 2,244 K 3,968 K iPodService Module Apple Computer, Inc. 33,456 K
jusched.exe 5984 944 K 3,028 K Java™ Update Scheduler Sun Microsystems, Inc. 32,192 K
svchost.exe 1612 1,848 K 4,168 K Generic Host Process for Win32 Services Microsoft Corporation 32,024 K
ctfmon.exe 3680 1,044 K 3,616 K CTF Loader Microsoft Corporation 30,584 K
wscntfy.exe 456 696 K 2,588 K Windows Security Center Notification App Microsoft Corporation 28,092 K
igfxpers.exe 3776 820 K 3,072 K persistence Module Intel Corporation 24,976 K
hkcmd.exe 692 848 K 3,092 K hkcmd Module Intel Corporation 24,000 K
services.exe 1040 1,980 K 3,856 K Services and Controller app Microsoft Corporation 22,544 K
SbieSvc.exe 1472 1,208 K 2,644 K Sandboxie Service SANDBOXIE L.T.D 17,288 K
smss.exe 924 172 K 416 K Windows NT Session Manager Microsoft Corporation 3,808 K
System 4 0 K 256 K 1,884 K
System Idle Process 0 96.09 0 K 28 K 0 K
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs 0 K

Pat(rick), on 29 March 2011 - 05:47 PM, said:

No problem, I intended to help you if you've never used it, but you've figured it out yourself.

Pat(rick), on 29 March 2011 - 05:47 PM, said:

This is what I was looking for.

Simply put, these figures show that rtvscan.exe uses a lot of memory (400 MB) because it is a big program (private bytes is only 60 MB, that's not too high).
Unfortunately, there's not much you can do about this, except increasing RAM or switching to an AV with a smaller footprint. But I would only do this if you really experience a slow machine.
How much RAM do you have in your XP machine?

Those 400 MB are not exclusively used by rtvscan (although the 60 MB are), some part of it is shared with other processes.

This post has been edited by Didier Stevens: 30 March 2011 - 01:00 PM

Currently, I have 1,5 GB of ram.

The private bytes is always 200 MB until I do a quick scan to reduce it to 40~60 MB

Pat(rick), on 30 March 2011 - 03:47 PM, said:

That should be enough.

Pat(rick), on 30 March 2011 - 03:47 PM, said:

That's a lot. But again, I would not take action unless you experience a slow system.

Do you think I should change it since the antivirus is discontinued? I won't receive new definitions until 2012.

If I play online games (downloadable, use of client; like a MMORPG), will it hurt my computer if i keep the antivirus and play? (Just curious)

This post has been edited by Pat(rick): 30 March 2011 - 09:43 PM