I noticed there were TONS of disk accesses which was slowing down the use of my computer. I no longer have any scheduled scans started. Just to be sure, I opened the GUI window and looked under Scan Computer to make sure no scans were in progress (none were shown as running). I looked in Task Manager’s Processes tab and saw nothing that looked like an update to the program was in progress. I used SysInternals’ FileMon to see that AvastSvc was opening, reading, and closing thousands of file. By the time I got around to monitoring the file accesses, AvastSvc.exe was busy navigating through all of the C:\Windows folder and all its subfolders. While AvastSvc.exe was thrashing my drive, I right-clicked on its tray icon and disabled all guards for 10 minutes. They were disabled but there was no effect (the drive thrashing continued). Eventually, like after half an hour, the file thrashing ceased and my computer became responsive again (no slowness in using any apps or the OS). I checked the scan logs and no scan is showing for today. Although CPU usage was probably under 30%, or much less, during this disk thrashing, my computer still became sluggish probably from flooding the data bus with all the byte traffic in reading all those files.
Avast wasn’t updating (which if it was wouldn’t explain all the interrogating of non-Avast files). Avast wasn’t running a scheduled update. I didn’t initiate any manual scan. So why was AvastSvc.exe thrashing the hell out of the OS partition on my hard disk? When Avast decides to go ballistic, just how can I tell what it is doing?
Yep, that’s my version, too. I didn’t even have a web browser open. I was sitting at my static desktop, no windows open, and noticed high CPU usage and then saw it was AvastSvc.exe.
While some respondents in your other thread thought it had to do with the Web Shield interrogating your network traffic, that would be irrelevant in my situation where AvastSvc.exe was opening, reading, and closing every file under C:\Windows. Folders used by the web browser are elsewhere.
I did not do a full install of all shields for Avast. I only installed the Network, Web, and Behavior shields. I don’t need any of the others or they are superfluous. I wasn’t web surfing at the time I noticed the CPU spike and high disk usage. AvastSvc.exe was sucking up lots of CPU time. File Monitor showed me it was roaming through my file system looking inside lots and lots of files.
If Avast has conflicts with Acronis True Image Home v11 then the choice will be to drop Avast, find another AV solution that works with True Image, and keep True Image. All of this high CPU usage only occurred after the program update that brought me up incrementally to the 889 build.
For now, I’m playing with other AV (and firewall) solutions and, so far, haven’t hit this constant high CPU load on my host. When AvastSvc.exe what whacking the file system, I disabled all its shields but the high CPU usage continued. So with these disabled and supposedly not doing any effective, why would Avast be doing anything with files (opening, reading, closing)? It’s like the disable of its shields got ignored.
I got the impression that AvastSvc was reading all these files to record or hash them up to make use of this cache of hashed values to determine if it could later skip these unchanged files. Okay, but either that should be running at Low priority with throttled disk bandwidth or it should only do the caching of hashes when a scan is executed rather than going off by itself to do that “indexing”. This type of disk thrashing is why I also don’t install search engines (MS Desktop Search, Google Search, indexing service in Windows, etc).
Being that the behaviour shield doesn’t fully work at the moment you could have tried uninstalling that shield to see if that was the cause of your problem, i find that any problem’s are usually from a conflicting software, your av software should be far more important than acronis but your choice
I don’t have a problem with Acronis True Image Home V11 on my XP pro system but as you do not have your system information in your signture I have to ask what is the operating system you are running ???
If Avast’s Behavior Shield is not functioning correctly (again) then I’m wondering if an uninstall followed by custom install where I do NOT include the Behavior Shield would work. I would then use Threatfire’s behavioral analysis to replace Avast’s Behavior Shield. Since Behavior Shield was installed then the conflicts noted in past posts should not occur. I’d end up with:
Avast (File, Network, & Web shields only)
Threatfire
When I install Avast, I deselect several of its shields. Don’t need or want P2P or email shields. Previously I only installed the File, Network, Web, and Behavior shields. Well, I could could install Avast with one less shield, the Behavior Shield, and use something else to supplant that functionality, like Threatfire.
Yokenny, those links just point back to this thread.
As stated, I would be doing an install of Avast without its Behavioral Shield. How could another behavioral analyzer conflict with a non-existent behavioral analyzer for Avast? I have never been impressed with Avast’s Behavior Shield, anyway.
Oh, there is some configuration available now for the Behavior Shield? As I recall (because Avast isn’t install right now on my host), there was absolutely no user configuration available for the Behavior Shield. Well, yeah, I guess I don’t know how to configure this shield along with every other user since it has no configuration. Are you privy to changelog? If so, where can it be found by other users? I don’t mean http://www.avast.com/release-history which is so vague as to be useless. It makes no mention in the configurability of the Behavior Shield. You see it mention changes to add new configuration options?
Please explain how any user would magically know that an option to “monitor” for malware in this shield causes the thrashing of the host at 100% CPU usage, or just what would lead users to start looking at the configuration of this shield to resolve this problem. Not knowing how to use the settings is not the same as someone who changes the settings to see what happens. What would lead users that notice AvastSvc.exe is consuming 100% CPU usage to go use a file monitor to see this process is scanning through lots of files (when no scan was initiated or scheduled)? What would lead users to look at the Behavior Shield? What would lead users to look at its rootkit monitor option? Shotgun troubleshooting does not exhibit expertise at understanding just how this shield works.
I see in an install of 5.1.889 (in a virtual machine) that there are now configurable options for the Behavior Shield. Well, that’s new to me. Was I blind and didn’t see these options in prior versions? If they weren’t there before, why would Avast or you expect users to automatically know about the non-described changes in a minor version update?
So, in version 5.1, the Behavior Shield was passive and collecting info on how to modify its behavior. I’ve just read elsewhere that the 5.1.889 update (which is what causes me problems) just partially enabled the Behavior Shield. So what was compatible before (with avast’s Behavior Shield and another behavioral analyzer) will now start causing problems. Well, the solution seems to be either to use only Avast’s Behavior Shield or to get rid of it and use something else. When I started this thread, Threatfire wasn’t on my host (and still isn’t as I’m still exploring substitutes). Behavior Shield wasn’t of much value before. Now Avast has partially enabled it and expects us users to be the guinea pigs to iron it out. No thanks.
