avast and filemon

after installing avast I launched filemon ( http://www.sysinternals.com )
and I’ve seen that some avast processes keep accessing the disk
forever, even if there is no activity.

as an example the process ashDisp.exe or ashServ.exe keeps reading
avast4.ini forever, for no apparent reason…

isn’t this affecting performance of the computer ?
is it possible to stop avast doing this ? (I’ve tried stopping avast
using “stop on-access protection” but didn’t help at all).

thanks.

The answer already has been given in several other threads.

Disk access is because ashServ.exe is an On-Access module.
This is perfectly normal behaviour.

is it possible to stop avast doing this ?
Yes it is possible, but you will be without protection from Avast ;D

didn’t search before posting… sorry :-[
I’ve found this thread:
http://forum.avast.com/index.php?board=2;action=display;threadid=6215;start=msg47679#msg47679

the comments posted there are valid: why not check avast.ini
less frequently, or use ReadDirectoryChangesW ?
or maybe they can use SQLite (http://www.hwaci.com/sw/sqlite)
or similar (instead of ms jet drivers), with possibly reducing
the size of the setup too.

thanks.

Can you try changing the storage method from ODBC to XML?
You can download ‘Control’ in my signature or directly edit avast4.ini file following the instructions of ‘Settings’ :wink:

please can you tell me what is different when using xml for the database ?
thanks.

Browse at ‘FAQ’ on my signature :wink:

ok, thank you.
I manually changed from odbc to xml, and (obviously) the .mdb isn’t
accessed anymore, but this doesn’t solve the continuous access to
avast.ini

It really shouldn’t affect the performance (that’s why the Windows cache is there) - but I have reduced the access a little.

thanks

…but it does on my computer…
Without the ashServ process running, the CPU usage is ~0,13%
When the process is running: ~0,8%

That means that this process eats a lot…

That means that this process eats a lot.....

Sorry but the numbers you quoted are IMHO actually well below statistical error. I mean, Windows system is inherently doing many things in the background (even if you don’t see them in FileMon output) - like paging, compacting etc. that take nonzero CPU resources.

Aside from that, the access to the INI file of course virtually never touches the disk - it always comes from the cache (which is a very fast operation).

Cheers
Vlk

Igor, my RAM problems were not solved with 4.5 :cry:
Especially after a long time of inactivity (1 - 2 hours), when I resume the computer, bang, cpu usage goes between 90% - 95%… I must boot to use the computer with comfort again…

RejZor’s ‘restart’ option for avast! does not work for me with 4.5 version… just ‘disable’ avast but cannot start it again :cry:

when I resume the computer, bang, cpu usage goes between 90% - 95%...

And which process is taking up the CPU? ashServ.exe??

Yes, you’re right, it’s no big problem.
I just have to remember to stop the On-Access Protection when working with heavy audio projects.
…or switch to Database=XML…which can’t manage to keep the settings…

Cheers
OisteinR

Sure :-\

Vlk, I asked Igor:

Is there any way, easy and not so resource consuming, to generate and get this crashdump? Remember, the CPU does not ‘crash’ really, just the computer becomes slow and slow…

Igor answered me this

Actually, it’s possible to initiate a common blue-screen using keyboard (and get the memory dump during it): http://support.microsoft.com/default.aspx?scid=kb;EN-US;244139
However, I think I should ask Vlk first if this dump would be of any use for him.

Technical, the big dump is unnecessary.
What would help is an ashServ dump. The creation is described here:
http://forum.avast.com/index.php?board=10;action=display;threadid=7925

It’s actually not too difficult (can be fun) :slight_smile:

Cheers
Vlk

I’ll try. Can you tell me if I can have the debugger attached all the time without too much resources lost? (I think not)
If not, I’ll need to wait for the problem (as I can’t simulate it).

I don’t know if I’ll be able to turn off the Standard Shield provider before attaching the debugger to aswServ.exe because system is very bad at that condition… :-\

Well, indeed I tried to attach the debugger while Standard Shield was running and I had to turn off the computer :-\

Vlk, must I test it connected and at the same time without antivirus protection? Strange… Dangerous?!

Other questions to go on:

  1. Did I check the ‘Noninvasive’ option on the ‘Attach to the process’ window?

  2. Should I close the window ‘Disassembling’ to enter the command line?

  3. Can you open an FTP for me? pk tried four or five times this week without success… :cry:

  4. What will be the size of the dump file? As much as the RAM? Well, it won’t be easy so to send you all of it…

  5. I tried last night but I had to wait more than 10 minutes and nothing, no HDD or monitor response, nothing. The dump file has 0 kb (corrupt of course).