Hi everyone,
I’m running Retrospect Express 7.6.123 and seeing exactly this issue with Avast! Free 6.0.1203 in Windows XP SP3.
I would strongly suggest grabbing a copy of Process Monitor 2.95, found here:
http://technet.microsoft.com/en-us/sysinternals/bb896645
…and using it to observe what happens when Avast! 6.0.1203 is disabled vs. enabled while running Retrospect or anything else that seems to slow to a crawl with Avast!'s shields enabled, as I’ve been able to at least narrow things down a bit this way. I’ve also filtered things by process name, including only AvastSvc.exe, avastUI.exe (which I am using to selectively enable or disable various components of Avast! one at a time), and sf.bin (have not seen it but just in case) - in addition to retrorun.exe and Retrospect.exe, which are Retrospect’s processes. I also suggest enabling advanced output in the Filter menu of Process Explorer, and cross-referencing the operations detected with the descriptions found in these links:
http://msdn.microsoft.com/en-us/library/ff550710(v=VS.85).aspx
http://www.osronline.com/article.cfm?id=166
What I have found so far is as follows:
-
When Avast!'s shields are all disabled, I can run Retrospect with no issue; speed is fine. When it is running, I see Retrospect.exe checking the root directory of each of my drives, one after the other, apparently just making sure they’re available for use as far as I can tell - this is constant but pretty low level and causes no noticeable slow-down, so I presume it’s normal activity.
-
I can enable Mail Shield, Web Shield, Script Shield, Network Shield and Behavior Shield, all with default settings, without this changing.
-
When I enable File System Shield, P2P Shield or IM Shield - to be clear, enabling any of these individually with the others disabled causes the same result - Retrospect.exe goes absolutely bonkers, and starts pounding the MFT on my root drive with IRP_MJ_READ operations, in addition to simultaneously carrying out all kinds of FASTIO_ACQUIRE_FOR_CC_FLUSH and FASTIO_RELEASE_FOR_CC_FLUSH operations on various files, primarily Windows system files (i.e. in C:\WINDOWS\ and various subdirectories) with some additional action targeted at my Program Files (C:\Program Files*) and my local user profile (C:\Documents and Settings\Username*). What’s weird is that Avast itself doesn’t seem to be doing much at all during this time - perhaps I’ve missed a process, but I don’t see any activity at all, really. Based on my reading, I believe the IRP_MJ_READ operation to be just that - a read operation - so Retrospect is being induced to read the MFT of the partition on which it’s installed constantly. Also from my reading, the FASTIO operations above are designed to open and close the file in question for access - so Retrospect appears to be repeatedly opening and closing all kinds of files for access on my OS partition as well, without actually doing anything to them. Very odd.
I have tried disabling all features in the Expert Settings of each of the offending shields, to no avail - even then the same behavior occurs, so it’s something those settings do not touch.
I recently let Retrospect attempt a backup under these conditions; it ran incredibly slowly and generated 1017 errors indicating that it was unable to write to the catalog file, snapshot, and backup set due to insufficient permissions. I don’t find any problems with the permissions associated with these files.
At this point, I’m at a loss as to what else to try; nevertheless, I hope the folks will find this information useful and the Avast! staff can find a fix for this ASAP - as the other posters have said, this is seriously annoying >:( Even if it turns out to be the fault of the folks who coded Retrospect / other applications that experience this, I would emphasize that in almost two years of using Avast! and Retrospect together, this is the first I’ve seen of this, meaning it should be possible to alter Avast! to prevent it from happening; clearly, that’s what needs to be done. Would welcome comments from others as to whether they see similar behavior.
In the meantime, I intend to disable these shields temporarily to perform backups - this is going to require me to backup manually, which is extremely obnoxious, but it beats not having a backup at all.
Regards,
DS