Why your security software process is hidden from Process Lasso

Started by Jeremy Collake, May 17, 2012, 04:23:46 PM


Jeremy Collake

Many users have said, "Why is my anti-virus process not listed?". Mostly Norton and Comodo users. Indeed, this is a good question. There is also a good answer.

During our real-world research, we discovered that some anti-virus software has tamper detection mechanisms that are 'triggered' by simply 'looking at' their process. Yes, simply looking at them - something I've verified with their own engineers. We are working on some work-arounds so that these are listed again for v6, but the thing is that these processes should not be *touched* by the end user. This would not be a problem, BUT this software emits not one 'tamper detection' log event, but thousands and thousands -- to the point of slowing down some PCs. Don't ask me why they emit thousands of duplicate tamper detection events, you can ask them that ;). Anyway, to AVOID this, we do not even touch certain processes.

You may say, but my security software uses a lot of CPU resources, I need to tame it!

Indeed, it does use a lot of CPU and I/O resources, *BUT* it should NEVER be tamed. By design the real time scanners run at the highest available priority already - even if their priority class doesn't show that, the thread priority is surely real-time or highest. Why? Because you WANT whatever the scanner has to do to be completed as quickly as possible. Other processes must WAIT for the 'scan' to complete. Thus, you never want to interfere with this process, NOR do you want to try to 'optimize' it yourself, as you can seriously jeopardize the synergy of your PC.

Remember, Process Lasso was *never* meant to be a full-fledged task manager. It is an automation and optimization tool. Thus, we focus on THAT, and that alone.

This was something added to the FAQ.
Software Engineer. Bitsum LLC.

Victek

Quote from: bitsum.support on May 17, 2012, 04:23:46 PM
> Indeed, it does use a lot of CPU and I/O resources, *BUT* it should NEVER be tamed. By design the real time scanners run at the highest available priority already - even if their priority class doesn't show that, the thread priority is surely real-time or highest. Why? Because you WANT whatever the scanner has to do to be completed as quickly as possible. Other processes must WAIT for the 'scan' to complete. Thus, you never want to interfere with this process, NOR do you want to try to 'optimize' it yourself, as you can seriously jeopardize the synergy of your PC.

Interesting note: Norton Internet Security 2011 (and maybe 2012 too, but I'm not sure) does have the option to run background "quick scans" at a lowered priority.  Webroot Secure Anywhere also has a setting "favor low cpu usage over fast scanning" which perhaps lowers the thread priority (not sure though).  Folks may be able to tame their security software by adjusting available options instead of trying to use Process Lasso to ride herd on them  :)

Jeremy Collake

Indeed, that is what I recommend. However, to avoid confusion, let me define more narrowly what I speak of:

Security suites typically have many processes, one for each need.

1. Real Time scanners are not to be messed with. These are usually in their own process.
2. Background or scheduled scans take place in a separate process, and are already set to not interfere with the system (other than the *inherent* effect of having your PC scanned, which takes I/O and other resources ;o).

Most security software will let you adjust what you want real-time scanners to scan. Indeed, MSE, for instance, was built to have the fewest necessary options. Yet, it has real-time scanning tweaks, several of them. For example: Don't scan specific locations, don't scan archives, only scan downloads, only scan 'incoming' (didn't previously exist) files, etc...

So, tuning of your security software is indeed what is going to get results if that is your primary concern. Process Lasso can't do anything at all about security software, though it has been reported by many users to help with the rest of their system, which in itself is quite valuable.

Of course, tuning your security software is to be done by a knowledgeable technician and at your OWN RISK.
Software Engineer. Bitsum LLC.

DeadHead

Real time scanning = burden (more or less) on your system. Personally, on my own computer, I disable it and scan things manually. On my colleagues' computers, I leave it on! ;)
Windows 10 Pro 64 (swedish) || Xeon 5650 @ +4 GHz || 24 gig ram || R9280 Toxic

Lucky_Wizzard

Thanks for the answer.
My main concern is that any processes being used do not even seem to be listed for Norton.  That being the case, it could be some malware eating my HD while my CPU fan clanks along in overdrive.

Nice to know there are settings within Norton to accomplish control (not that I wish to control its speeds).  My observation about Norton is that it is "about as intuitive as a broken foot" (as old Tim used to say of CAD) and it is unhelpful to the n-th degree in telling the user what it finds and in expanding on this information.  At the same time I have not been compromised in the 4 years I have used it.