dhyanesh.mehta

Kaspersky Endpoint Security Consumes 100% Disk [INC000007404182]


Hello All,

We are using the below products in our organization:

1. Kaspersky Endpoint Security 10.2.5.3201
2. Network Agent: 10.3.407
3. Windows 10 Update 1607 desktops.

The problem I am facing is that every time a computer starts and the user logs in, Kaspersky consumes 100% disk for a long time. Sometimes it is for 10 minutes, sometimes even longer, and during that period the system is completely inaccessible to the users. I contacted Kaspersky support and opened the case a few times, but every time I did not get any solution from them. All they say is to run the GSI report at the time it is consuming 100% resources, but I cannot run the GSI report as the system is completely inaccessible, so no application can be run.

If somebody helps me, we can refine some of the tasks that may be running at system start-up, but I am not sure what settings I should keep for which task, so please help me here.

Please help me out here as I am getting complaints from users every day. I can provide more information if required.

Thanks,

Dhyanesh Mehta


Hi,

 

Please provide your incident number.

 

Thank you!


 

 

Hello Konstantin,

 

As of now no incident is open, but in the past I had opened incidents which were closed.

 

Thanks,

Dhyanesh Mehta


 

Please list all incidents.

Thank you.


 

 

Hello Dmitry,

 

The incident number is INC000007404182 which was previously opened and we did a lot of troubleshooting but did not find any solution for it.

 

Thanks,

Dhyanesh Mehta


 

Hello,

 

The support representative asked you to collect diagnostic information.

Is it possible?

Thank you.


 

Hello,

 

As I said in my post, at the time Kaspersky consumes 100% disk and CPU the system is totally inaccessible to do anything, so how can I run any tool to generate the report? That's the problem.

 

Thanks,

Dhyanesh Mehta


Hi,

 

You can load your computer in safe mode and run the GSI collector tool.

 

Thank you!


 

 

Just a thought - try to add a link to the GSI report tool to the startup folder.

Maybe if you are lucky, it will kick in before Kaspersky starts with heavy load. :unsure:


 

We had the same issue, Disk 100%, and we also closed the case because of not reaching anywhere with support, and due to this issue we are negotiating with the partner to cancel the new Kaspersky License ordered and replace it with another vendor that can achieve what is in their documents. Our case number was INC000007487049.

I think there are issues in the Encryption engine itself or its architecture in File Level Encryption, especially when putting many extensions to handle, like our case (Microsoft Documents + Text + PDF + Images).

 


 

Hello,

 

The GSI report may be collected at any time of computer operation. It's not necessary to launch the utility at peak load.

Thank you.


 

Ohh, is it? So if I run the GSI report at any time, it will still fetch past data from when the computer had started and had peak load? If that's the case then I will run the GSI report and send it to support, but I guess I will have to create a new case, right?

 

Thanks,

Dhyanesh Mehta


 

Hello!

 

Could you please also collect the xperf log while reproducing the problem?

 

How to capture xperf-traces to analyze performance issues:

 

NB! You should run the utilities with administrator privileges to avoid the following errors:

xperf: error: NT Kernel Logger: Access is denied. (0x5)

xperf: error: NT Kernel Logger: Invalid flags. (0x3ec)

 

1. Install Windows Performance Toolkit. Variants:

 

- As part of ADK for Windows 8.1, during installation choose only "Windows Performance Toolkit".

- Standalone installers (6.3.9600):

 

WPTx86-x86_en-us.msi - 32-bit Windows versions

WPTx64-x86_en-us.msi - 64-bit Windows versions

 

- Link for ADK for Windows 10

- Link for WPT for Windows 10

 

2. On x64 OS set a single value (REG_DWORD) DisablePagingExecutive in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and reboot the system. Without this step, trace analysis will be more difficult.

3. Execute from cmd (run as administrator): xbootmgr -trace boot -traceflags Base+CSwitch+Dispatcher -stackwalk Profile+CSwitch+ReadyThread -postbootdelay 600

 

4. Reproduce scenario.

 

5. Stop (press any key) trace capturing, which was started in step 3.

6. A trace.etl file will be created in the current directory. It must be transferred to the Performance Team for further analysis.

 

How to capture xperf-traces in "special" cases:

 

1. How to start capturing xperf-traces just after OS reboot and continue it for e.g. 180 seconds?

 

xbootmgr -trace boot -traceflags <required_kernel_flags> -stackwalk <stackwalk_flags> -postbootdelay <delay_to_stop_in_sec>. For example: xbootmgr -trace boot -traceflags Base+CSwitch+Dispatcher -stackwalk Profile+CSwitch+ReadyThread -postbootdelay 180

 

2. How to configure capturing xperf-traces just after each OS reboot?

 

1. xperf -boottrace <required_kernel_flags> -stackwalk <stackwalk_flags>.

For example: xperf -boottrace Base+CSwitch+Dispatcher -stackwalk Profile+CSwitch+ReadyThread -buffersize 1024 -minbuffers 128 -maxbuffers 320.

2. <any actions>

3. reboot OS

4. Stop capturing xperf-traces: xperf -d trace.etl

 

In this case xperf-trace capturing starts just after every OS reboot and continues until it is explicitly turned off with the following command:

xperf -boottrace off

NB! Keep in mind to turn capturing off at the end of experiments.

 

Thanks!
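
Steps 2 and 3 of the procedure above as an elevated PowerShell script (an added example, not part of the original post or of any Kaspersky tooling). It assumes the DisablePagingExecutive value to set is 1, that xbootmgr.exe from Windows Performance Toolkit is on PATH, and it uses a hypothetical output folder C:\BootTrace.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): prepare and start the boot trace
# from steps 2-3. Elevation avoids "NT Kernel Logger: Access is denied. (0x5)".
param(
    [int]$PostBootDelaySec = 600,           # delay used in step 3 of the post
    [string]$TraceDir = 'C:\BootTrace'      # hypothetical folder for trace.etl
)
$ErrorActionPreference = 'Stop'

# xbootmgr ships with Windows Performance Toolkit (step 1); fail early without it.
$xbootmgr = Get-Command xbootmgr.exe -ErrorAction SilentlyContinue
if (-not $xbootmgr) {
    throw 'xbootmgr.exe not found on PATH. Install Windows Performance Toolkit first.'
}

# Step 2: on x64, set DisablePagingExecutive and reboot before tracing.
# Assumption: the value to set is 1; the post names the key but not the number.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
if ([Environment]::Is64BitOperatingSystem) {
    $current = (Get-ItemProperty -Path $mmKey -Name DisablePagingExecutive `
                    -ErrorAction SilentlyContinue).DisablePagingExecutive
    if ($current -ne 1) {
        Set-ItemProperty -Path $mmKey -Name DisablePagingExecutive -Value 1 -Type DWord
        Write-Warning 'DisablePagingExecutive was changed. Reboot, then run this script again.'
        return
    }
}

# Step 3: trace.etl is written to the current directory, so switch to a known folder.
New-Item -ItemType Directory -Path $TraceDir -Force | Out-Null
Set-Location -Path $TraceDir

# Same flags as in the post. xbootmgr restarts the machine itself and stops
# the trace after the post-boot delay given here.
& $xbootmgr.Source -trace boot `
    -traceflags 'Base+CSwitch+Dispatcher' `
    -stackwalk 'Profile+CSwitch+ReadyThread' `
    -postbootdelay $PostBootDelaySec
```

Running it a second time after the reboot skips the registry step, because the value is already in place, and goes straight to the trace.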
