Jump to content


Photo
- - - - -

freeze with proiv.exe at 50% cpu usage


8 replies to this topic

#1 janetwil

janetwil

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 08 July 2006 - 08:39 PM

using dexter & chaney forefront software on windows 2003 server w/ sql 2000 and xp pro workstations. With symantec corp edition 10.1 antivirus installed on workstations, forefront locks up w/ proiv.exe using 50% of CPU. Have 2 gb memory on workstations. No errors reported on ws or server. Problem is not on the server. Any ideas? Forefront, computer people, Symantec have no idea and it has been 2 months of research. The only way to stop this problem is to uninstall antivirus which is not what we want to do. Sql databases have been eliminated from anitvirus scans as well as directories where forefront has been installed on ws and server.

#2 Joseph Bove

Joseph Bove

    ProIV Guru

  • Members
  • PipPipPipPipPip
  • 756 posts
  • Gender:Male
  • Location:Ramsey, United States

Posted 10 July 2006 - 05:32 PM

Jane,

One question that comes to mind is this.

The only way to stop this problem is to uninstall antivirus which is not what we want to do.


If you simply turn off antivirus, do you still have the problem?

If the problem is only solved by an uninstall, it sounds like there is a conflict in a DLL being installed with the antivirus software.

Also, you said the problem is not on the server. Does that mean that the antivirus software is only installed on the workstation or that the corrective is only performed on the workstation?

Regards,

Joseph

#3 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 10 July 2006 - 07:21 PM

Joseph

I do have the same problem when symantec antivirus is disabled.

The corrective action is only done on the workstation.

There does not seem to be a problem running forefront on the server itself, just the workstations. Antivirus is on the server and it monitors the workstations, as well. The server doesn't lock up but I only tested this theory twice.

I can run the antivirus program call AVG (its a free thing) with forefront and the workstations do not lock up.

Thanks
Janet

#4 janetwil

janetwil

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 10 July 2006 - 07:43 PM

Joseph

I may not have been clear but wanted to add that the forefront software is what locks up. When it does lock up, I can still use excel, access or get email or anything else on workstation except use forefront. Mother boards and fans were replaced by gateway as well. Thanks Janet

#5 Joseph Bove

Joseph Bove

    ProIV Guru

  • Members
  • PipPipPipPipPip
  • 756 posts
  • Gender:Male
  • Location:Ramsey, United States

Posted 11 July 2006 - 04:56 PM

Janet,

That's a nasty mystery. It must be a DLL that is updated by Symantec.

I'd be guessing badly to try to come up with anything else.

Hopefully someone else has an answer for you.

Good luck,

Joseph

#6 janetwil

janetwil

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 11 July 2006 - 05:33 PM

Joseph

No one has an answer and it has been over 2 months. My only hope is to find out what forefront is doing or accessing when we use certain features. It is only certain features and menus within forefront that lock up consistently. Otherwise, I have no clue and Symantec diagnostic tool obviously didn't show anything either. Thanks for responding.

Janet

#7 Bob Filipiak

Bob Filipiak

    Expert

  • Members
  • PipPipPipPip
  • 133 posts
  • Gender:Male

Posted 12 July 2006 - 01:20 PM

Janet,

I think Joseph has it, if forefront works fine WITHOUT symantec antivirus installed, then something installed by that software (or in your case MALware) is corrupting your forefront instalaltion.

You need to determine which files are installed by the anti-virus software, and proceed.

In the past, when confronted by this monster; what I have done is to get the computer at a state where the malfunctioning software works fine. Then, using a COMPUTER DATE that is later than the current date, install the suspect software. All files installed/modified during that second install should show up during a search of files created or modified with the later date as the date reference. (i.e. Today is July 12, you install the anti-virus with the computer date as August 12; and use AUGUST 12 as you search date) This should give you a list of suspect files, and the directories they are located in.

Bob Filipiak

#8 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 14 July 2006 - 07:01 PM

Bob

Thanks

I followed your example and did come up with only three files all in C:\winnt\prefetch. They are

imapi.exe-270dc371.pf

rundll32.exe-429be5c4.pf

verclsid.exe-194bc15e.pf

I expected more files but will proceed with this. At this point they don't mean a thing but you never know what one may find.

Janet

#9 janetwil

janetwil

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 03 August 2006 - 02:37 AM

Thanks for your help. Problem has been solved by turning off tamper protection, def watch scans and startup scans on the clients in the symantec corp edition 10.1 program. I do not know why but this is what symantec recommended.



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users