Full Version: wbk###.tmp files and nasty CPU overload
Kaspersky Lab Forum > Beta Testing > KIS\KAV\KTS 2015 MR1
latet
Hi,

I experience more or less random CPU overloads by the avp.exe process.

It happens mostly when trying to open various applications, or KIS's settings, but it is not a very frequent problem after all. Usually I can trigger the problem myself by clicking on "SPAM"/"NOT SPAM" icons in OE. In 2 out of 10 cases (even on the same e-mail), that will cause a nasty freeze and 100% CPU overload. Everything freezes for about 20-30 sec., which is VERY annoying, as you may imagine.

More investigation:
I've been observing KIS's File Anti-Virus Statistics and every time the freeze happened, there was a file named wbk###.tmp as "Last scanned" (the numbers in the filename may change during the freeze, so there is more than one such file being created and scanned at the time).

Question:
Are the files named: wbk###.tmp (e.g. wbk2b0.tmp, wkb39A.tmp) created by KIS?
I can't locate them, they seem to be deleted instantly after the freeze is gone.

So I tried to be smart and made a Trusted Zone rule:

The object will not be scanned if...:
Object name: wbk*.tmp
Checking task: any task.


But system freezes still occur, and - what surprised me most - there are still wbk###.tmp files displayed by KIS statistics as "Last scanned"! Why?

Is it normal that files in Trusted Zone can be "Last scanned"?
Maybe that just means that KIS detected their creation/modification and would have scanned them if they were not in Trusted Zone?

Anyway - the problem of CPU overload caused by avp.exe has something to do with wbk###.tmp files! What are they?

Thanks,

latet
Leo Max
QUOTE(latet @ Apr 17 2006, 10:32 AM)
Question:
Are the files named: wbk###.tmp (e.g. wbk2b0.tmp, wkb39A.tmp) created by KIS?
I can't locate them, they seem to be deleted instantly after the freeze is gone.


Those files are not created by KIS. Please read this HERE
Lucian Bara
The file is still displayed, but in the report they have the result "skipped".
The wbk###.tmp files are created by Outlook Express. When OE creates a zero-byte file for every message read, it also creates a wbkxx.tmp along with it each time: one for each message just read, along with a time stamp of when it was read.
latet
OK, thanks.
So those files are not KIS's. And KIS won't scan them if they are in TZ. Great.

But still - see this:



It seems that clicking on "NOT SPAM" in Outlook Express and those temp files are only one of a few situations that cause avp.exe to eat 100% CPU for 20-30 sec and freeze everything else.

So it is not scanning of such temp files that causes the freeze. But they are created during the freeze and CPU is overloaded by avp.exe at the time.

BTW: I have A.I.C. disabled.

What should I do?

latet
Lucian Bara
Try to disable registry guard. Another member said that it caused high cpu usage.
latet
QUOTE(lucianbara @ Apr 17 2006, 07:00 PM)
Try to disable registry guard. Another member said that it caused high cpu usage.


I tried that. That's not it.

But I made more tests and observations and I know what causes the problem!
It's Anti-hacker training!

I had the option "Train using outgoing mail" enabled and have observed that about 15-20 sec. after sending any e-mail, the CPU load peak began and lasted for about 20-30 sec. I repeated this test many times. Always the same. Then I disabled "Train using outgoing mail" and repeated sending e-mails many times. The problem did not appear!

After every manual click on the "SPAM"/"Not spam" icon - the same (sometimes instantly, sometimes a short time later).

I don't know exactly what it is - probably some kind of re-building / re-compiling of the anti-spam base (for iBayes?).

Or maybe - and that would be a shameful bug - slow re-sorting of my white list (which is pretty big by now - over 2000 addresses)?
(Normally the black list is empty, right?).

I'd like to test it with an empty white list, but there is no "Export" button for the white list, only "Import", so I won't do it now, because it would be a little painful.

BTW: What exactly is training on outgoing mail doing? Adding both addresses (mine and the addressee) to the white list? Analyzing the body for iBayes? The manual says:


You can train Anti-Spam with outgoing e-mails from your mail client. Then the Anti-Spam address white list will be filled based on analyzing outgoing messages. Only the first fifty e-mails are used for training. Then training is complete.


If training does only that (white list) then it means that my problem is due to the big size of my white list!
The old KAS had a huge problem with white/black lists bigger than 64 KB. Maybe KIS also has such problems?

Tomorrow I will try to test it at work. We have over 15 000 contacts in the address book there, so I will import them all to KIS's Anti-spam white list. If my theory is true, avp.exe will probably freeze for many minutes after sending an e-mail.
(BTW: it doesn't really freeze dead - it takes 100% CPU, but it is still possible to work with other programs, though much slower than usual.) Anyway, it is annoying, and it should not be, if every sent (or trained-on) e-mail causes such a problem.

latet