Saturday 10 March 2012

Insufficient System Resources and Trend Micro OfficeScan

If you are running Trend Micro OfficeScan with Virus Scan Engine 8.550.1001 you might see errors such as “Insufficient system resources exist to complete the requested service” or “The server was unable to allocate from the system paged pool because the pool was empty.” If you run Poolmon you will see the Vmem tag using around 80 to 100MB of the pool. Basically, this is Trend consuming a large portion of your paged pool:

In Sysinternals' Process Explorer you see that most of your paged memory is in use:

If you unload Trend OfficeScan most of your Kernel’s paged memory is freed:

Basically, it seems that OfficeScan is trying to load its entire pattern file into memory. Unfortunately this file is around 100MB, which doesn’t leave much of the default 160MB paged pool for the rest of the system. This problem has been around since at least the end of October when this version of the engine was released. Trend Micro have known about it since at least the middle of December. They have published a workaround (see Trend Micro’s Solution ID on the problem) that increases the size of the pool. However, this only delays the onset of the problem.
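As an added example (not from the original post, Trend Micro or Sysinternals), the Python sketch below ranks the paged-pool tags in a saved Poolmon snapshot against the 160MB default pool mentioned above. The snapshot text is constructed, and its column layout (tag, type, allocs, frees, diff, bytes, per-alloc) and the 25% threshold are assumptions.

```python
import re

# Default paged pool size quoted in the post (160MB); adjust for your system.
PAGED_POOL_BYTES = 160 * 1024 * 1024

# Constructed sample, not captured from a real machine. Assumed columns:
# tag, type, allocs, frees, diff, bytes, per-alloc.
SAMPLE_SNAPSHOT = """\
 Tag  Type     Allocs      Frees       Diff      Bytes  Per Alloc

 Vmem Paged       412        398         14   96468992    6890642
 MmSt Paged     91822      88310       3512   11534336       3284
 CM31 Paged      5120       1024       4096   18874368       4608
 Ntfx Nonp      40211      39001       1210     290400        240
 File Nonp     733120     729004       4116     658560        160
"""

# A pool tag is always four characters wide and may itself contain spaces.
ROW = re.compile(r"^ ?(.{4}) +(Paged|Nonp)\b(.*)$")


def parse_snapshot(text):
    """Return [(tag, pool_type, bytes)] for every data row in a snapshot."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or summary text
        # Drop any parenthesised "(delta)" groups beside the counters.
        nums = re.sub(r"\([^)]*\)", " ", m.group(3)).split()
        if len(nums) != 5 or not all(n.isdigit() for n in nums):
            continue  # malformed or truncated row
        rows.append((m.group(1).strip(), m.group(2), int(nums[3])))
    return rows


def paged_pool_hogs(rows, pool_bytes=PAGED_POOL_BYTES, threshold=0.25):
    """Paged tags holding at least `threshold` of the pool, largest first."""
    hogs = [(tag, size, size / pool_bytes)
            for tag, kind, size in rows
            if kind == "Paged" and size / pool_bytes >= threshold]
    return sorted(hogs, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for tag, size, share in paged_pool_hogs(parse_snapshot(SAMPLE_SNAPSHOT)):
        print(f"{tag}: {size / 2**20:.0f}MB, {share:.0%} of the paged pool")
```

Comparing the same report with the scanner loaded and unloaded shows whether a single tag accounts for the difference.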

More information can be found in this thread at the SysInternals forums.

It’s now almost the middle of February and Trend Micro still haven’t released an update fixing this problem. When are they going to fix it? Personally, I think anti-virus can at times be as bad as the viruses.

It’s just not good enough!

