colebantam

KIS 2015 MR2 Mail Antivirus blocks E-Mail-traffic and causes high CPU-load


Since I installed KIS 2015 MR2 onto my main machine, I have been suffering serious problems. Everything seemed fine at first, but later I found my machine almost unusable. A look into Task Manager revealed KIS using 99% CPU time. After a restart the machine was back in a working state, and I was able to take some screenshots when the CPU load was back again at about 75%.

 

I also took screenshots of the process properties and the 3 threads.


 

I don't see any third-party DLL there that could cause the issue, so I think it's a problem within KIS 2015 MR2 itself. Later I found out that I also have trouble getting emails in Thunderbird. It seems the mail antivirus blocks the email download and, when doing so, blocks one CPU core with "something". The CPU load always rises in 25% units, so KIS is eating up one core after another (on quad-core machines). I did some inspection of the mail that KIS was unable to download (or, better said, Thunderbird was unable to download with mail anti-virus enabled), and it had nothing suspicious in it (no attachments, no JavaScript code or anything like that).

 

Since Tech-Support is usually quite slow, I decided to give the forum the first chance. Anybody aware of such a problem?

 

PS: Yes, I DID clean the old installation with KAVremover before I installed 2015 MR2 ;)

Edited by Claus Berghammer


Also, try disabling one component after another to see if you can narrow it down. Are there any automatic background tasks that could cause KIS to scan it? Do you have multiple Thunderbird mail accounts configured or only one?

 

Open a tech support ticket and post your incident number here; a KL forum member will expedite a response if necessary.


 

I can send you a GSI-Log by PM, but I don't want to upload it to the forum, as it contains private data (paths and so on). I have already made a "cleaned" version of the GSI-Log, but the parser refuses to interpret it, because it's "modified" :(

 


 

1.) The problematic component is "mail anti-virus". Disabling that component lets emails download without problems.

2.) Is there any Windows system that doesn't have automatic background jobs? ;) Of course I have some, but there is no connection to the mail problem. I had KIS 2014 installed before with the exact same environment (background tasks and so on), and mail anti-spam worked fine with no heavy CPU loads.

3.) There are multiple mailboxes configured in Thunderbird. Some POP3, some IMAP. The email that was stuck today was POP3/GMX.

 

I was trying not to have to contact tech support, as they are mostly very slow and 'complicated' (for example sending traces on every message, even if the system hasn't changed in the meantime)...

Edited by Claus Berghammer


There were problem reports for Thunderbird in the past, but they were supposed to be fixed in MR2. Apart from trying to disable Heuristics in Mail AV and checking if KIS certificate is properly installed in TB there's not much else I can think of. Other members may be more helpful.

 

Contacting support will expedite a fix... if they're not aware of it the fix will come a lot slower.

Edited by 3x0gR13N


 

OK, I'll see if disabling heuristics only, instead of the whole component, resolves the issue when a new problematic mail appears. Currently everything runs fine; it's very intermittent.


Disabling Heuristics did not resolve the issue. I tried it twice (with a reboot after each try); only disabling the whole component (mail anti-virus) helps. But I nailed it down to a specific mail, so I can redirect it to a Kaspersky developer (or interested beta tester?) if needed for analysis.

 

It's also certain now that with every attempt from Thunderbird to download the mail, one more CPU core gets blocked (by KIS). So, after 4 attempts (on my 4-core system) the machine is almost "dead" because there is no CPU time left.

Edited by Claus Berghammer


I'm using TB 31.4.0. I have about 7 or 8 accounts (all are POP/SMTP). They are: HotMail, GMail, Yahoo and from other non-freeware services... I use SSL/TLS ports with all of them, and in my KIS2015MR2 .361 I have enabled "Always Scan always encrypted connections". For now I'm not getting any issue...

 

Added: of course I had to add Kaspersky root certificate to TB Certifications Authorities repository... and in KIS2015MR2 I have Heur to maximum in Mail module.

Edited by harlan4096


@Harlan4096: I also have this problem only on ONE mail. If you want to try, I can bounce this mail to you, if you give me an address.


 

You can check my profile here in the forum; there you can find my HotMail and Yahoo accounts :)


OK, my CPU is now eating a constant 1/3, but network is almost 0%. I did not get any message but yours from the forum notification. I did not even open TB, but avp.exe is eating 35% of CPU:

 


 

In fact I don't know to which account you sent the message. I use a program called Pop Peeper, where I get a preview of all my accounts... so maybe the problem is not with TB but with the KIS2015 Mail-AV module in general.

 

Added: I exited my KIS2015 and the issue got even worse, and one of the avp.exe services didn't want to exit and was still eating high CPU:

 


 

And after some minutes avp.exe finally went out, and then my KIS2015 restarted automatically and I got a warning to send dumps to KL Servers...

Edited by harlan4096


You have a three-core CPU; that makes 33% CPU load when one core is gone ;)

So the error is 100% reproducible on your system. I'll tell you more details about what address I used and about the mail via PM. I don't want to write details about the mail itself in the forum ;)

If you don't want to do additional tests, you need to restart your system to recover from the CPU load, and then delete the mail via webmail before you start Thunderbird again.

 

And I never said the issue is in Thunderbird; I always said it's in KIS 2015 MR2 ;)

OK, thanks! We must reproduce the issue with traces on and send them to KL :)

 

OK. Shall I do it? Guess you have the better connections to KL ;)


I just got the info/the message, I'll try to reproduce the issue with traces and send a report to KL :)

 

Thanks :)


 

Drop me a line if I should bounce the mail again to you or a developer. Also, please notify me if you have an answer from KL ;)


Sorry, not yet... this morning I just reproduced the issue again with my KIS2015 traces on, got dumps, took screenshots again, and collected all the data; now uploading it (more than 10GB of info compressed in a 150MB rar file) to ownCloud :)

 

I'll keep you in touch :)


Well, I sent the ticket to KL Support 3 hours ago, if someone from "green people" wants me to post here the ID to accelerate the process... :)


Well, I could send the "bomb Mail" to some of the developers; maybe then they'd react a little more quickly? ;) Or do you think they don't use KIS 2015 MR2 themselves? ;)


Still waiting here for an answer from KL Support (ID INC000004155129). I think they use it, of course, or should use it! :D

Edited by harlan4096

This topic is now closed to further replies.
