Recent Posts

Pages: 1 ... 5 6 [7] 8 9 10
61
please correct me if I'm wrong. It is that if MBARW is present, the CPU cycles used by ProcessLasso.exe varies dramatically on the same hardware, right?

Yes. It has been a while since I ran MBARW though. It looks others are still having the issue. Have any of the other guys at the malwarebytes forums given you info on what their systems are doing?
62
MB is working with me to determine the cause. I think they mean well.

I do reject their first conclusion, which is that if you lower system resources enough (in a VM), then with sufficient process activity, Lasso's GUI, when open, will consume more CPU cycles than usual... That seems obvious to me.

I don't think that's the issue, though please correct me if I'm wrong. It is that if MBARW is present, the CPU cycles used by ProcessLasso.exe varies dramatically on the same hardware, right?
63
So what happened was he hid more recent controversial (inaccurate) posts. He is a good guy I think and just made a mistake. It is natural, I suppose, especially at larger organizations to 'pass the buck'.

If there is any fix to be made on my end, I'll make it, but the important thing to note here is that it ONLY occurs when MBARW is present. So far I've heard claims that MBARW doesn't hook anything (or much), but it sure is affecting something in a dramatic way.

At least most users are not affected... so still searching for that third-factor.
64
I think he may have redacted/edited the original thread now, but I can't bring myself to visit it again. Back into coding mode...

And thanks for your support Chris ;).
65
Bug Reports / Re: Misc handles and such
« Last post by Jeremy Collake on June 24, 2016, 04:20:35 PM »
Ed, I want to keep this thread on-topic, so I'm going to move your post - please take no offense.
66
Bug Reports / Misc handles and such
« Last post by edkiefer on June 24, 2016, 04:19:03 PM »
I long ago optimized the rate of process handle opening to fix a previous interoperability issue with some security software that hooked all process opens to evaluate them. This reduced the rate of handle re-opens (which are normally rapid anyway, when not intercepted) by several orders of magnitude. Once per process instance, instead of once per second per process instance.

Somehow, this old report, despite long being fixed, caused an MB mod to conclude, after seeing a few process opens (which Process Lasso does since it manages processes!), that the fault must be with Process Lasso, despite no such problem occurring without the presence of MBARW!

Then the thread was closed. So, that's that. I can guarantee you that I spend extraordinary efforts to make Process Lasso as optimal as possible, but can't speak for whatever security software hooks do when they start blocking requests for inspection. We don't have any reason to suspect that process handle open frequency is the problem here, but it was taken as such, and the thread immediately closed without evidence of such.
When I said memory/handles I was talking in general, not specific to PL, but some issue when all these products ar run.
I will say this after testing many A/V type products on Win10, there are some odd system load that happens (I am comparing to a Win7 system).

The Win10 "seems" because they have many more back-ground services but are set to manual(app triggered) you tend to get spikes, though not bad and not high, but none the less there. If you montor processes you see this aggressive on/off of processes.
You don't notice to much any performance degradation "but" with A/V is does get worse compare to default (Win10 Defender).

This is just something I noticed, running back to back A/V programs and clean Win10, I have no real data just seat of pants type report.
67
Oh well...removing malwarebytes right now. Cant wait for v9 of process lasso. Keep plugin away.

Chris
68
I'll try to help them when I can, but there is only so much I can do, and at that point I'll just remove their product from my system, problem solved.

I don't think he meant any harm, and said as much privately - but he made an errant conclusion based on that old/fixed interoperability issue, then had too much pride/ego to back off it (which is why he closed the thread when I asked for data). Oh well. Now I need to calm down and get back to work. I hope everyone knows I do my best, and if there is an issue, I *do* admit to it, and then fix it. In this case though, he's off-base.

It doesn't help that since I take my work so personally, when things like this happen, my ability to make coherent arguments goes downhill :o.
69
I'll try to help them when I can, but there is only so much I can do, and at that point I'll just remove their product from my system, problem solved.
70
I long ago optimized the rate of process handle opening to fix a previous interoperability issue with some security software that hooked all process opens to evaluate them. This reduced the rate of handle re-opens (which are normally rapid anyway, when not intercepted) by several orders of magnitude. Once per process instance, instead of once per second per process instance.

Somehow, this old report, despite long being fixed, caused an MB mod to conclude, after seeing a few process opens (which Process Lasso does since it manages processes!), that the fault must be with Process Lasso, despite no such problem occurring without the presence of MBARW!

Then the thread was closed. So, that's that. I can guarantee you that I spend extraordinary efforts to make Process Lasso as optimal as possible, but can't speak for whatever security software hooks do when they start blocking requests for inspection. We don't have any reason to suspect that process handle open frequency is the problem here, but it was taken as such, and the thread immediately closed without evidence of such.
Pages: 1 ... 5 6 [7] 8 9 10