Real Time scanning


24 replies to this topic

#1 Pat(rick)

Pat(rick)

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:04:47 PM

Posted 25 March 2011 - 03:02 PM

Is it ok for an antivirus' real time scan to use over 200,000K of memory?



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:47 PM

Posted 26 March 2011 - 07:41 AM

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPs).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files to include temporary files) that have to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
Some anti-virus programs are resource heavy even while they are not scanning. What are you using?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Pat(rick)

  • Topic Starter

Posted 26 March 2011 - 12:57 PM

I'm using Symantec AntiVirus version 10.1 (SAV); it's at its end of life (I heard it's possible to migrate to the new Symantec EndPoint Protection, but the zip file is like 500 MB and I don't think it's worth getting 500+ MB for SEP...).

SAV rtvscan.exe is using more than 200,000K of mem usage. Each time it reaches over 200,000K, I have to use Quick Scan to make it reduce to 70,000K of mem usage. Sometimes, using quick scan won't reduce it... Plus, the quick scan is terrible, it only scans ~750 files.

Someone helpful recommended getting Avast or Avira. I think both are pretty good, but I don't know if it's worth it to uninstall the FULL version of SAV and install the FREE version of Avast or Avira. (I kinda hesitate.)

Edited by Pat(rick), 26 March 2011 - 01:06 PM.


#4 quietman7


Posted 26 March 2011 - 03:25 PM

Although Symantec (Norton) is as good as any other well known anti-virus program, it requires numerous services and running processes that consume system resources and often results in complaints of high CPU usage. I have read from other users that Symantec has improved the newer versions while others say differently. However, Symantec products can be difficult to remove and remnants are often left behind which require the use of a special removal tool, otherwise you may encounter problems installing a replacement anti-virus. To be fair, other vendors are also using removal tools for the same reason. Those issues plus the cost factor are the primary reason many folks look for a free alternative.

My personal choice is NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint or one of the following if choosing a free alternative.

#5 Pat(rick)


Posted 26 March 2011 - 04:35 PM

I heard SAV will stop providing definitions in 2012, which means Live Update won't give any new definitions.

Will I be at a disadvantage if I switch to a free antivirus? (I've to find the features of my discontinued SAV and so far it only says Antivirus and Antispyware...)

I kinda don't like when it runs many processes.

Edited by Pat(rick), 26 March 2011 - 04:42 PM.


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:47 PM

Posted 28 March 2011 - 04:22 PM

> SAV rtvscan.exe is using more than 200,000K of mem usage. Each time it reaches over 200,000K, I have to use Quick Scan to make it reduce to 70,000K of mem usage. Sometimes, using quick scan won't reduce it... Plus, the quick scan is terrible, it only scans ~750 files.


  • How do you measure the amount of memory, do you use Task Manager?
  • What version of Windows?
  • What is the title of the column that lists 200,000K for rtvscan.exe?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Pat(rick)


Posted 28 March 2011 - 04:36 PM

1. I check in Task Manager
2. Windows XP Pro, Service Pack 3
3. Rtvscan.exe | SYSTEM | 00 | around~230,000K

#8 Didier Stevens


Posted 29 March 2011 - 03:54 AM

> 3. Rtvscan.exe | SYSTEM | 00 | around~230,000K

No, I mean the title of the column. Is it Mem Usage?



#9 Pat(rick)


Posted 29 March 2011 - 10:45 AM

Yes, Mem Usage

#10 Didier Stevens


Posted 29 March 2011 - 11:49 AM

OK, are you familiar with Process Explorer?

If so, can you go to View / Select Columns... and make sure columns Virtual Size and Private Bytes are selected. And then report the amount of memory?



#11 Pat(rick)


Posted 29 March 2011 - 05:47 PM

I'm sorry, I don't know where Process Explorer is and I have never used it. (So I downloaded it.)

I wonder if the report is only by clicking File -> Save

I hope this is the right one

Process | PID | CPU | Private Bytes | Working Set | Description | Company Name | Virtual Size
Rtvscan.exe | 1636 | | 61,432 K | 60,356 K | Symantec AntiVirus | Symantec Corporation | 400,080 K
iexplore.exe | 5320 | | 46,552 K | 59,860 K | Internet Explorer | Microsoft Corporation | 349,076 K
YahooMessenger.exe | 5480 | | 82,444 K | 20,340 K | Yahoo! Messenger | Yahoo! Inc. | 269,548 K
iexplore.exe | 2908 | | 67,016 K | 79,016 K | Internet Explorer | Microsoft Corporation | 264,692 K
iTunes.exe | 3416 | | 28,004 K | 12,448 K | iTunes | Apple Computer, Inc. | 249,492 K
svchost.exe | 1352 | | 18,336 K | 28,476 K | Generic Host Process for Win32 Services | Microsoft Corporation | 155,984 K
explorer.exe | 2636 | | 26,372 K | 12,156 K | Windows Explorer | Microsoft Corporation | 152,512 K
iexplore.exe | 2072 | | 12,280 K | 916 K | Internet Explorer | Microsoft Corporation | 105,460 K
ipoint.exe | 2848 | 0.78 | 12,436 K | 17,624 K | IPoint.exe | Microsoft Corporation | 90,300 K
itype.exe | 3760 | | 12,356 K | 17,672 K | IType.exe | Microsoft Corporation | 84,756 K
procexp.exe | 1264 | 2.34 | 10,164 K | 15,084 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com | 82,404 K
procexp.exe | 4248 | | 10,320 K | 6,352 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com | 81,524 K
csrss.exe | 972 | | 2,044 K | 7,972 K | Client Server Runtime Process | Microsoft Corporation | 68,652 K
winlogon.exe | 996 | | 9,844 K | 2,616 K | Windows NT Logon Application | Microsoft Corporation | 67,852 K
svchost.exe | 1224 | | 3,608 K | 5,768 K | Generic Host Process for Win32 Services | Microsoft Corporation | 65,556 K
SPBBCSvc.exe | 136 | | 6,148 K | 4,560 K | SPBBC Service | Symantec Corporation | 64,972 K
VPTray.exe | 4864 | | 3,956 K | 8,888 K | Symantec AntiVirus | Symantec Corporation | 57,624 K
svchost.exe | 1708 | | 3,504 K | 7,504 K | Generic Host Process for Win32 Services | Microsoft Corporation | 50,412 K
spoolsv.exe | 232 | | 3,976 K | 7,188 K | Spooler SubSystem App | Microsoft Corporation | 49,208 K
YahooAUService.exe | 2492 | | 5,204 K | 7,828 K | AutoUpater Service Module | Yahoo! Inc. | 45,272 K
SbieCtrl.exe | 1056 | | 1,964 K | 6,328 K | Sandboxie Control | SANDBOXIE L.T.D | 44,512 K
ccEvtMgr.exe | 1972 | | 4,600 K | 3,960 K | Symantec Event Manager Service | Symantec Corporation | 43,740 K
lsass.exe | 1052 | | 4,432 K | 1,672 K | LSA Shell (Export Version) | Microsoft Corporation | 42,756 K
wmiprvse.exe | 2272 | | 2,440 K | 7,012 K | WMI | Microsoft Corporation | 42,480 K
AirPlusCFG.exe | 784 | | 2,952 K | 6,280 K | D-Link Wireless LAN Monitor | D-Link | 41,268 K
WZCSLDR2.exe | 964 | | 2,956 K | 5,284 K | ANIWZCS2 launcher for Windows. | Wireless Service | 40,300 K
wmiprvse.exe | 740 | | 2,056 K | 5,140 K | WMI | Microsoft Corporation | 39,020 K
svchost.exe | 1656 | | 2,812 K | 4,940 K | Generic Host Process for Win32 Services | Microsoft Corporation | 38,916 K
svchost.exe | 1312 | | 2,180 K | 4,852 K | Generic Host Process for Win32 Services | Microsoft Corporation | 38,772 K
LVCOMSX.EXE | 3708 | | 2,168 K | 3,960 K | LVCom Server | Logitech Inc. | 38,552 K
ccApp.exe | 2432 | | 4,600 K | 7,952 K | Symantec User Session | Symantec Corporation | 38,224 K
jqs.exe | 768 | | 2,436 K | 1,396 K | Java™ Quick Starter Service | Sun Microsystems, Inc. | 37,816 K
iTunesHelper.exe | 4768 | | 1,280 K | 4,696 K | iTunesHelper Module | Apple Computer, Inc. | 37,124 K
DefWatch.exe | 668 | | 1,972 K | 4,788 K | Virus Definition Daemon | Symantec Corporation | 36,688 K
svchost.exe | 492 | | 1,436 K | 3,936 K | Generic Host Process for Win32 Services | Microsoft Corporation | 36,684 K
igfxtray.exe | 2120 | | 1,072 K | 3,596 K | igfxTray Module | Intel Corporation | 35,988 K
ccSetMgr.exe | 1932 | | 4,488 K | 4,480 K | Symantec Settings Manager Service | Symantec Corporation | 35,980 K
dpupdchk.exe | 3992 | | 2,032 K | 2,988 K | dpupdchk.exe | Microsoft Corporation | 35,920 K
alg.exe | 3844 | | 1,308 K | 3,744 K | Application Layer Gateway Service | Microsoft Corporation | 33,584 K
iPodService.exe | 880 | | 2,244 K | 3,968 K | iPodService Module | Apple Computer, Inc. | 33,456 K
jusched.exe | 5984 | | 944 K | 3,028 K | Java™ Update Scheduler | Sun Microsystems, Inc. | 32,192 K
svchost.exe | 1612 | | 1,848 K | 4,168 K | Generic Host Process for Win32 Services | Microsoft Corporation | 32,024 K
ctfmon.exe | 3680 | | 1,044 K | 3,616 K | CTF Loader | Microsoft Corporation | 30,584 K
wscntfy.exe | 456 | | 696 K | 2,588 K | Windows Security Center Notification App | Microsoft Corporation | 28,092 K
igfxpers.exe | 3776 | | 820 K | 3,072 K | persistence Module | Intel Corporation | 24,976 K
hkcmd.exe | 692 | | 848 K | 3,092 K | hkcmd Module | Intel Corporation | 24,000 K
services.exe | 1040 | | 1,980 K | 3,856 K | Services and Controller app | Microsoft Corporation | 22,544 K
SbieSvc.exe | 1472 | | 1,208 K | 2,644 K | Sandboxie Service | SANDBOXIE L.T.D | 17,288 K
smss.exe | 924 | | 172 K | 416 K | Windows NT Session Manager | Microsoft Corporation | 3,808 K
System | 4 | | 0 K | 256 K | | | 1,884 K
System Idle Process | 0 | 96.09 | 0 K | 28 K | | | 0 K
Interrupts | n/a | 0.78 | 0 K | 0 K | Hardware Interrupts and DPCs | | 0 K

#12 Didier Stevens


Posted 30 March 2011 - 08:16 AM

> I'm sorry, I don't know where Process Explorer is and I have never used it. (So I downloaded it.)

No problem, I intended to help you if you've never used it, but you've figured it out yourself.

> Process | PID | CPU | Private Bytes | Working Set | Description | Company Name | Virtual Size
> Rtvscan.exe | 1636 | | 61,432 K | 60,356 K | Symantec AntiVirus | Symantec Corporation | 400,080 K


This is what I was looking for.

Simply put, these figures show that rtvscan.exe uses a lot of memory (400 MB) because it is a big program (private bytes is only 60 MB, that's not too high).
Unfortunately, there's not much you can do about this, except increasing RAM or switching to an AV with a smaller footprint. But I would only do this if you really experience a slow machine.
How much RAM do you have in your XP machine?

Those 400 MB are not exclusively used by rtvscan (although the 60 MB are), some part of it is shared with other processes.

Edited by Didier Stevens, 30 March 2011 - 01:00 PM.


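The Virtual Size versus Private Bytes distinction made in the reply above can be tracked over time by saving two Process Explorer snapshots and comparing them. This is an added example, not code from the thread: it assumes the File > Save output is tab-separated, BEFORE re-types three rows of the posted report, and the AFTER snapshot and all function names are constructed for illustration.

```python
import csv
import io

HEADER = "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tVirtual Size\n"
# BEFORE: three rows from the report posted in the thread, re-typed with tabs
# (tab-separated File > Save output is an assumption of this example).
BEFORE = HEADER + (
    "Rtvscan.exe\t1636\t\t61,432 K\t60,356 K\tSymantec AntiVirus\tSymantec Corporation\t400,080 K\n"
    "YahooMessenger.exe\t5480\t\t82,444 K\t20,340 K\tYahoo! Messenger\tYahoo! Inc.\t269,548 K\n"
    "ipoint.exe\t2848\t0.78\t12,436 K\t17,624 K\tIPoint.exe\tMicrosoft Corporation\t90,300 K\n"
)
# AFTER: constructed snapshot in which rtvscan's Private Bytes has grown to
# about 200 MB, the level the topic starter describes; other rows unchanged.
AFTER = BEFORE.replace("61,432 K\t60,356 K", "204,800 K\t203,100 K")

COUNTERS = ("Private Bytes", "Working Set", "Virtual Size")


def to_kb(cell):
    """Convert a cell such as '61,432 K' to the integer 61432."""
    return int(cell.split()[0].replace(",", ""))


def load(text):
    """Map (process, pid) -> {counter: KB} for one saved snapshot."""
    rows = csv.DictReader(io.StringIO(text), delimiter="\t")
    return {(r["Process"], r["PID"]): {c: to_kb(r[c]) for c in COUNTERS}
            for r in rows}


def top(snapshot, counter):
    """Return the (process, pid) key with the largest value of one counter."""
    return max(snapshot, key=lambda key: snapshot[key][counter])


def growth(before, after, counter="Private Bytes", min_kb=50_000):
    """Processes in both snapshots whose counter grew by more than min_kb."""
    deltas = [(name, pid, after[(name, pid)][counter] - values[counter])
              for (name, pid), values in before.items() if (name, pid) in after]
    return sorted((d for d in deltas if d[2] > min_kb),
                  key=lambda d: d[2], reverse=True)


if __name__ == "__main__":
    before, after = load(BEFORE), load(AFTER)
    print("largest Virtual Size :", top(before, "Virtual Size"))
    print("largest Private Bytes:", top(before, "Private Bytes"))
    print("Private Bytes growth :", growth(before, after))
```

In the posted snapshot rtvscan.exe leads on Virtual Size but not on Private Bytes; only the constructed second snapshot makes it stand out on private growth.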

#13 Pat(rick)


Posted 30 March 2011 - 03:47 PM

Currently, I have 1,5 GB of RAM.

The private bytes is always 200 MB until I do a quick scan to reduce it to 40~60 MB

#14 Didier Stevens


Posted 30 March 2011 - 04:11 PM

> Currently, I have 1,5 GB of RAM.

That should be enough.

> The private bytes is always 200 MB until I do a quick scan to reduce it to 40~60 MB


That's a lot. But again, I would not take action unless you experience a slow system.



#15 Pat(rick)


Posted 30 March 2011 - 09:43 PM

Do you think I should change it since the antivirus is discontinued? I won't receive new definitions until 2012.

If I play online games (downloadable, use of client; like a MMORPG), will it hurt my computer if I keep the antivirus and play? (Just curious)

Edited by Pat(rick), 30 March 2011 - 09:43 PM.




