Why has Microsoft Security Essentials started using so may resiurces?
#1
Posted 11 August 2011 - 04:49 AM
#2
Posted 11 August 2011 - 08:31 AM
1. Open Microsoft Security Essential program.
2. Click settings tab
3. Excluded files and Locations
4. Click on Add button.
5.Select the path c:\program files\microsoft security essentials\MsMpEng.exe
6. Click ok.
7. Click on Save changes.
8. Close Microsoft Security Essential program.
9. Restart the computer.
See how it is.
2. Follow this please.
Irrespective of how it is, do this please
Start, run, type msconfig. Click the startup tab.
Send me please a screenshot of all items checked on the list.
3. What other if any security programs do you have on the computer, running in Real Time.
4. Do you have Windows Defender and if so check it is disabled.
#3
Posted 11 August 2011 - 09:21 AM
Edited by debodun, 11 August 2011 - 09:30 AM.
#4
Posted 11 August 2011 - 09:54 AM
1. ALCXMNTR - it is Realtek Audio event monitor. It is not a risk but why have it starting up as it simply monitors various activities
AlcxMonitorAlcxmntr.exeRealtek AC97 Audio - Event Monitor. "Slyware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
2. You may also uncheck
AdobeArm
2Adobe ARMAdobeARM.exeRelated to Adobe Optimize and enable Adobe® Flash® Player 10 and Adobe AIR for ARM Powered® devices, ranging from mobile phones to set-top boxes, mobile Internet devices, televisions, automotive platforms, personal media players and other mobile computing devices. Note: Located in \%Program Files%\Common Files\Adobe\ARM\1.0\
3. Jusched
.juschedjusched.exeChecks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control PanelJust check yourself. You do not need this running.
4. Realsched
Realschedrealsched.exeApplication Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals.
After unchecking and Apply and OK, you then reboot and check the small box in the system config message - Do not show again.
To deal with the actual issue, before we proceed, can you please verifty that MSSE was NOT in the process of scanning and that you have that updated as well.
Right click on the taskbar icon for MSSE and click Open, then the update tab.
If you already know this is correct and updated.
Simply type
c:\program files\microsoft security essentials\MsMpEng.exe
in the box on the excluded files and processes and then click the add.
Then reboot and see how it is.
Please DO ensure that you still have the problem before proceeding and it is was not simply during a scan.
Edited by Macboatmaster, 11 August 2011 - 09:56 AM.
#5
Posted 12 August 2011 - 06:47 AM
Other disturbing things I probably should also mention are:
1) After the last Microsoft updates, my icon form MSE was deleted from the desktop. I created another by going to START>ALL PROGRAMS, then right clicking on the MSE icon and asking it to create a shortcut, then I dragged that to the desktop.
2) Now when the computer boots, the MSE icon in the taskbar systray is red and remains that way for about 20 seconds, then changes to its usual green color.
3) If I leave the computer, even for a minute, the HD light comes on and the Task Manager shows MSE activity. As long as I keep moving the mouse, it doesn't do this.
4) Before MSE I has Computer Associates Security Suite installed. When I took my computer to the repair shop a few weeks ago, the techs said CA Security Suite consumes too many resources. They installed MSE, and I assume they knew what they were doing and disabled CASS. At least there's no CA files in my program folder.
5) I managed to get the cycbot.b virus recently, but MSE said it had removed it.
Anyway, as I have already mentioned, my system was fine until the last Microsoft update this week.
Thanks for the advice, though. Let me know if you need to see the contents of any more files.
#6
Posted 12 August 2011 - 10:06 AM
http://cainternetsec...d.aspx?KDId=734
What firewall do you have please.
Have you commissioned Full scan or quick scan.
Full scan is not required and depending on the quantity of files and your resources could take hours.
Full scan is only needed if quick scan reveals concerns.
#7
Posted 12 August 2011 - 10:49 AM
I wonder how they installed it and from where. If they went anywhere besides straight through Microsoft there may be installation corruption present.4) Before MSE I has Computer Associates Security Suite installed. When I took my computer to the repair shop a few weeks ago, the techs said CA Security Suite consumes too many resources. They installed MSE, and I assume they knew what they were doing and disabled CASS. At least there's no CA files in my program folder.
Macboatmaster you may consider having debodun having the malware techs take a look deeper to make sure there are no hidden residuals of the above or any other infections.5) I managed to get the cycbot.b virus recently, but MSE said it had removed it.
#8
Posted 12 August 2011 - 11:35 AM
and do you need to scan every day.
FROM MICROSOFT MSE TECH FORUM
The actual answer is as follows:
1. A periodic quick scan will check the common locations for the presence of malware.
2. A full scan will scan all local drives for any traces of malware
Typically, you do not need to perform a full scan.
Real time protection is monitoring activity and file access on your PC, so if you attempt to open an infected file, it should detect the infection and stop you.
A full scan is very time consuming and disk intensive. If you wish to perform a clean scan periodically, go for it. I rarely run one.
Your best defense is not scanning, but preventing infection in the first place:
In addition to MSE or other up to date antivirus software:
Make sure that the Windows Firewall is enabled.
Make sure that all important/critical updates, including service packs for the operating system and programs are installed from Microsoft Update (Windows Update).
Make sure Internet Explorer is at version 8 or 9 and updated with all patches.
In Internet Explorer, use the SmartScreen Filter.
Make sure that IE Internet Security settings are at least set to medium-high (default).
Enable the pop-up blocker in IE.
On Vista and Windows 7 make sure that User Account Control (UAC) ON and not running with elevated privileges.
Make sure that Windows Automatic Updates are set to at least notify, but the preferred setting is to download and install automatically. If you update manually, be sure to update as soon as possible after being notified of available updates.
Make sure that installed applications, especially Adobe Acrobat, Adobe Flash, and Java are at their latest versions. Many vendors are regularly updating and patching for security holes.
Never click through links from unknown sources and use caution even if they are from a "trusted" source.
Never open unsolicited email attachments.
Practice safe web browsing.
Please report if it still aproblem when not scanning.
AND if you were running full scan.
If still a problem and as rshaffer61 said it may be MSE installation.
Uninstall and reinstall from the link below
http://www.microsoft...ls/default.aspx
See how it is then.
Then we can make a decision as per rshaffer61`s recommendation to refer you to our certified experts in our Malware forum and you can have the computer examined for any traces of infection. The fact that MSE said it had found and dealth with an infection does not mean it is all clear, as no one AV tool can be relied on to find all traces of infection.
Edited by Macboatmaster, 12 August 2011 - 11:36 AM.
#9
Posted 13 August 2011 - 06:33 AM
Additional info on MSE options:
Under the SETTINGS tab there is Real Time protection option. I have all boxes checked there (Turn on real time protection, Scan all downloads, Monitor file and program activity and Enable behavior monitoring). In the Advanced tab, there options are checked - Scan archive files, Allow users to view full history results and Remove quarantined files after 1 week.
Should any other options be unchecked or checked?
You asked before if I had Windows Defender installed. It isn't listed in the All Programs menu, but I noticed something in the Task Manager as MpCmdRun.exe which, after looking this up on the Internet, I learned is perhaps Defender related. So what's going on with that?
Edited by debodun, 13 August 2011 - 07:44 AM.
#10
Posted 13 August 2011 - 08:01 AM
I would start with the second option as it is faster. Uninstall, reboot and reinstall MSE.
To uninstall the last updates go to add/remove programs in control panel, check the Show updates box, find the last 8 updates by looking for the date of installation and uninstall them one at time, rebooting after each uninstallation and checking if the problem is gone. This will enable you to pin-point the culprit.
#11
Posted 13 August 2011 - 12:09 PM
2. Before you try that try this.
Spybot resident protection known as TeaTimer does not always sit well with MSE.
You only need to disable the resident feature of Spybot-S&D. And that is the way to deactivate it: Run Spybot-S&D, switch to the Advanced mode via the menu bar item Mode → hit Yes → select Tools in the navigation bar on the left → Resident and there you can untick the checkboxes in front of the two tools.
You should NOT have ths running, if it is, with MSE.
The MpCmdRun is also MSE scan cmd.
#12
Posted 14 August 2011 - 04:39 AM
#13
Posted 14 August 2011 - 01:37 PM
Macboatmaster you may consider having debodun having the malware techs take a look deeper to make sure there are no hidden residuals of the above or any other infections.
Go to this link follow carefully the advice and post with the logs in that forum.
http://www.geekstogo...cleaning-guide/
Please then provide a link to this thread in the Malware forum, so that the expert helping you can see what has been done here.
Please also post in this forum indicating that you have posted in the Malware forum.
That will then save people answering this thread with further suggestions.
Once you have a clean bill of health from the Malware exper you may then come back if you still have residual problems.
Good luck with it.
#14
Posted 14 August 2011 - 10:57 PM
You have to tackle the problem at it's root. You can uninstall the updates first or deal with MSE. I have no doubt that it was corrupted during the update process and you will have to reinstall it sooner or latter.
So, in short, go to the point. Uninstall MSE in Add/remove programs in Control Panel. Reboot. Download MSE from here(there is a large orange "download it free today" button on the righthand side of the picture on top. Click it, double click on the correct operating system and click "run" when given the option. Update and that's it.
If that doesn't help then start uninstalling the 8 updates, recognizeable by date of installtion, one at a time, rebooting after each, to find the culprit.
#15
Posted 15 August 2011 - 04:34 AM
I fail to understand what your MSE problem has to do with malware or other protection programs.
I totally agree, on the evidence to hand. I am not however certain that the problem is MSE. I think that may be only a symptom of the problem.
Spybot running in resident protection mode, together with MSE running in Real Time Protection was I thought an avenue to be explored.
Reinstall MSE
I have already suggested this - as did rshaffer61
If still a problem and as rshaffer61 said it may be MSE installation.
Uninstall and reinstall from the link below
http://www.microsoft...ls/default.aspx
Even if debodun eventually does as we have recommended
a visit to the Malware forum would ensure that all traces of the infection have been removed.I managed to get the cycbot.b virus recently, but MSE said it had removed it.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users