Results 1 to 4 of 4

Thread: Multiple ScanningProcess.exe processes using a lot of RAM

  1. #1
    preludecrazy Guest

    Default Multiple ScanningProcess.exe processes using a lot of RAM

    Hi, I'm running ZoneAlarm AntiVirus v8.0.020.000 on XP Pro SP3.
    My PC has a Q6600 Intel 2.40GHz CPU, and 4Gb RAM.
    I have four ScanningProcess.exe processes running on my PC, and they seem to be taking up quite a bit of memory, 1 @ 82,672K, 2 @ 82,496K, 3 @ 1,368K, 4 @ 840K.
    All four tasks are taking up 0% of CPU.
    Is this normal?
    What is it doing?
    I wasn't sure if Spyware was causing this, so I've scanned my PC with AdAware and Spybot S&D, and
    ScanningProcess.exe is
    still there.
    I saw a similar post were someone was suggest reinstalling ZA, or doing a DB reset (what are the pro/cons?).
    BTW, occassionally my PC almost grinds to a halt, and I've noticed ScanningProcess.exe is taking 99% CPU.
    And ZA isn't doing it usual scan at this time.


    Thanks, Jason.

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Antivirus

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Multiple ScanningProcess.exe processes using a lot of RAM

    Hi!

    yes, its normal you have a QUAD processor so, 4 scanning processes... one per processor.
    When idle they should consume 600-800kb. If they consume so much it means that there is hard disk activity.
    Are you running a disk omptimizer? Any software running in the background writing to disk?

    Open the task manager and wait 3-5 minutes... if there is no HD activity the scanningprocess should go to almost zero (as said 600-800kb).

    Any other security tool running? High CPU use means ZA misconfiguration or other software creating problems...
    Check which processes are involved with process explorer:
    http://technet.microsoft.com/en-us/s.../bb896653.aspx


    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    preludecrazy Guest

    Default Re: Multiple ScanningProcess.exe processes using a lot of RAM

    Thanks for your reply.
    As you suggested, I opened up the task manger and even after 10 mintues without my HD
    doing anything
    two of the ScanningProcess processes were over 82,000K.
    I had a look at my processes, and I cannot see any other security tool running.
    I'm not exactly sure what you suggest I check
    for in
    Process Explorer, but below is the output from the main window...
    Process
    PID
    CPU
    Description
    Company Name
    System Idle Process
    0
    94.62



    Interrupts
    n/a

    Hardware Interrupts


    DPCs
    n/a

    Deferred Procedure Calls


    System
    4




    smss.exe
    888

    Windows NT Session Manager
    Microsoft Corporation


    csrss.exe
    1128

    Client Server Runtime Process
    Microsoft Corporation


    winlogon.exe
    1156

    Windows NT Logon Application
    Microsoft Corporation



    services.exe
    1200

    Services and Controller app
    Microsoft Corporation




    svchost.exe
    1376

    Generic Host Process for Win32 Services
    Microsoft Corporation




    svchost.exe
    1432

    Generic Host Process for Win32 Services
    Microsoft Corporation




    svchost.exe
    1576
    0.38
    Generic Host Process for Win32 Services
    Microsoft Corporation




    svchost.exe
    1616

    Generic Host Process for Win32 Services
    Microsoft Corporation




    svchost.exe
    1792

    Generic Host Process for Win32 Services
    Microsoft Corporation




    svchost.exe
    1876

    Generic Host Process for Win32 Services
    Microsoft Corporation




    vsmon.exe
    1932

    TrueVector Service
    Check Point Software Technologies LTD





    ScanningProcess.exe
    1720








    ScanningProcess.exe
    1264








    ScanningProcess.exe
    280








    ScanningProcess.exe
    332







    LEXBCES.EXE
    1808

    LexBce Service
    Lexmark International, Inc.





    LEXPPS.EXE
    1972

    LEXPPS.EXE
    Lexmark International, Inc.




    spoolsv.exe
    1980

    Spooler SubSystem App
    Microsoft Corporation




    inetinfo.exe
    728

    Internet Information Services
    Microsoft Corporation




    LSSrvc.exe
    872

    LightScribe Service
    Hewlett-Packard Company




    sqlservr.exe
    956

    SQL Server Windows NT
    Microsoft Corporation




    nvsvc32.exe
    1060

    NVIDIA Driver Helper Service, Version 174.88
    NVIDIA Corporation




    svchost.exe
    1112

    Generic Host Process for Win32 Services
    Microsoft Corporation




    alg.exe
    2716

    Application Layer Gateway Service
    Microsoft Corporation




    ServiceLayer.exe
    740

    ServiceLayer Module
    Nokia.





    NclUSBSrv.exe
    1516

    NclUSBSrv Application






    NclRSSrv.exe
    2232

    NclRSSrv Application





    svchost.exe
    2612

    Generic Host Process for Win32 Services
    Microsoft Corporation



    lsass.exe
    1212

    LSA Shell (Export Version)
    Microsoft Corporation
    explorer.exe
    732

    Windows Explorer
    Microsoft Corporation

    TBPANEL.exe
    3020

    XpertVision : Display Control Panel
    Xpertvision, Inc.

    smax4pnp.exe
    3508

    SMax4PNP
    Analog Devices, Inc.

    SMax4.exe
    3516

    Audio Control Panel
    Analog Devices, Inc.

    rundll32.exe
    3640

    Run a DLL as an App
    Microsoft Corporation

    zlclient.exe
    3684

    ZoneAlarm Client
    Check Point Software Technologies LTD

    ctfmon.exe
    3864

    CTF Loader
    Microsoft Corporation

    taskmgr.exe
    3968

    Windows TaskManager
    Microsoft Corporation

    procexp.exe
    932
    5.00
    Sysinternals Process Explorer
    Sysinternals - www.sysinternals.com
    dlbkbmon.exe
    3676

    Dell AIO Printer A920Button Monitor
    Dell Computer CorporationProcess: services.exe Pid: 1200Type
    Name
    Desktop
    \Default
    Directory
    \KnownDlls
    Directory
    \Windows
    Directory
    \BaseNamedObjects
    Event
    \BaseNamedObjects\userenv:
    User Profile setup event
    Event
    \BaseNamedObjects\SC_AutoStartComplete
    Event
    \BaseNamedObjects\SvcctrlStartEvent_A3752DX
    Event
    \BaseNamedObjects\ScNetDrvMsg
    Event
    \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
    Event
    \BaseNamedObjects\PnP_No_Pending_Install_Events
    File
    C:\WINDOWS\system32
    File
    \Device\NamedPipe\ntsvcs
    File
    \Device\NamedPipe\ntsvcs
    File
    \Device\NamedPipe\ntsvcs
    File
    \Device\NamedPipe\scerpc
    File
    \Device\NamedPipe\scerpc
    File
    \Device\KsecDD
    File
    \Device\NamedPipe\net\NtControlPipe1
    File
    \Device\NamedPipe\net\NtControlPipe2
    File
    \Device\NamedPipe\net\NtControlPipe2
    File
    C:\WINDOWS\system32\config\AppEvent.Evt
    File
    C:\WINDOWS\system32\config\Internet.evt
    File
    C:\WINDOWS\system32\config\SecEvent.Evt
    File
    C:\WINDOWS\system32\config\SysEvent.Evt
    File
    \Device\NamedPipe\net\NtControlPipe3
    File
    \Device\NamedPipe\net\NtControlPipe4
    File
    \Device\NamedPipe\net\NtControlPipe0
    File
    \Device\NamedPipe\net\NtControlPipe5
    File
    \Device\NamedPipe\ntsvcs
    File
    \Device\NamedPipe\net\NtControlPipe6
    File
    \Device\NamedPipe\net\NtControlPipe7
    File
    \Device\NamedPipe\net\NtControlPipe8
    File
    \Device\NamedPipe\net\NtControlPipe20
    File
    \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
    File
    \Device\NamedPipe\net\NtControlPipe19
    File
    \Device\NamedPipe\net\NtControlPipe10
    File
    \Device\NamedPipe\net\NtControlPipe11
    File
    \Device\NamedPipe\net\NtControlPipe12
    File
    \Device\NamedPipe\net\NtControlPipe13
    File
    \Device\NamedPipe\net\NtControlPipe14
    File
    \Device\NamedPipe\net\NtControlPipe15
    File
    \Device\NamedPipe\net\NtControlPipe16
    File
    \Device\NamedPipe\ntsvcs
    File
    \Device\NamedPipe\net\NtControlPipe17
    Key
    HKLM
    Key
    HKLM\SYSTEM\ControlSet001\Control\Nls\CodePage
    Key
    HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
    Key
    HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alter nate Sorts
    Key
    HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
    Key
    HKLM\SYSTEM\ControlSet001\Enum
    Key
    HKLM\SYSTEM\ControlSet001\Services
    Key
    HKLM\SOFTWARE\Policies
    Key
    HKLM\SYSTEM\ControlSet001\Control\Class
    Key
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
    Key
    HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\ Order
    Key
    HKLM\SYSTEM\ControlSet001\Control\ServiceGroupOrde r
    Key
    HKLM\SYSTEM\ControlSet001\Control\ServiceCurrent
    Key
    HKLM\SYSTEM\ControlSet001\Services\Eventlog
    Key
    HKLM\SYSTEM\ControlSet001\Control\ComputerName\Act iveComputerName
    Key
    HKU
    Key
    HKU\S-1-5-20
    Key
    HKU\S-1-5-20
    Key
    HKU\S-1-5-19
    Key
    HKU\S-1-5-20
    Key
    HKU\S-1-5-19
    KeyedEvent
    \KernelObjects\CritSecOutOfMemoryEvent
    Mutant
    \BaseNamedObjects\SHIMLIB_LOG_MUTEX
    Mutant
    \BaseNamedObjects\ShimCacheMutex
    Mutant
    \BaseNamedObjects\PnP_Init_Mutex
    Port
    \RPC Control\ntsvcs
    Port
    \ErrorLogPort
    Process
    svchost.exe(1376)
    Process
    svchost.exe(1432)
    Process
    svchost.exe(1576)
    Process
    svchost.exe(1616)
    Process
    ServiceLayer.exe(740)
    Process
    svchost.exe(1792)
    Process
    svchost.exe(1876)
    Process
    vsmon.exe(1932)
    Process
    LEXBCES.EXE(1808)
    Process
    spoolsv.exe(1980)
    Process
    inetinfo.exe(728)
    Process
    svchost.exe(2612)
    Process
    LSSrvc.exe(872)
    Process
    sqlservr.exe(956)
    Process
    nvsvc32.exe(1060)
    Process
    svchost.exe(1112)
    Process
    alg.exe(2716)
    Section
    \BaseNamedObjects\ShimSharedMemory
    Thread
    services.exe(1200): 2480
    Thread
    services.exe(1200): 1224
    Thread
    services.exe(1200): 1228
    Thread
    services.exe(1200): 1232
    Thread
    services.exe(1200): 1340
    Thread
    services.exe(1200): 1344
    Thread
    services.exe(1200): 1324
    Thread
    services.exe(1200): 1352
    Thread
    services.exe(1200): 1360
    Thread
    services.exe(1200): 1388
    Thread
    services.exe(1200): 1412
    Thread
    services.exe(1200): 528
    Thread
    services.exe(1200): 1608
    Thread
    services.exe(1200): 824
    Thread
    services.exe(1200): 2576
    Thread
    services.exe(1200): 1612
    Thread
    services.exe(1200): 2616
    Thread
    services.exe(1200): 2620
    Token
    NT AUTHORITY\NETWORK SERVICE:3e4
    Token
    NT AUTHORITY\NETWORK SERVICE:3e4
    Token
    NT AUTHORITY\LOCAL SERVICE:3e5
    Token
    JASON-INTEL\Jason Keeler:15701
    Token
    NT AUTHORITY\NETWORK SERVICE:3e4
    Token
    NT AUTHORITY\LOCAL SERVICE:3e5
    WindowStation
    \Windows\WindowStations\Service-0x0-3e7$
    WindowStation
    \Windows\WindowStations\Service-0x0-3e7$

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Multiple ScanningProcess.exe processes using a lot of RAM

    Hi!
    you have to see which other tools that is running is absorbing CPU in conjunction with scanningprocess.

    Alternatively boot your system only with ZA and standard MS. processes and programs. This way you will know for sure if it is related to a third party process.

    1.) Hold down the Ctrl and Shift keys together
    2.) Right click on the ZA icon near your clock
    3.) Choose 'Reset' from the box that comes up
    4.) Choose Yes on the Reset Settings dialog box
    5.) When prompted, choose OK to restart your system
    6.) Follow the on screen configuration prompts after reboot

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •