admin on Jan 7th 2009
I had a server run low on disk space on one of the data volumes (a bit over 1 GB free on a 2 TB volume). When this happened, CPU utilisation went up to 100%. Task Manager showed System was the offending process. This is not the first this has happenedto us (although it’s the first time I’ve looked at it).
So, I ran Process Explorer on the server and took a look at the threads for the System process. Here’s what I saw:
TmXPFlt.sys threads in the System process using excessive CPU
It turns out TmXPFlt.sys is part of Trend Micro Office Scan’s virus scan engine. I tried unloading Office Scan but it made no difference. In the end I had to restart the server.
We install anti-virus to protect our servers, not to take them down.
It’s just not good enough!
Filed in Trend Micro | No responses yet
admin on Feb 11th 2008
If you are running Trend Micro OfficeScan with Virus Scan Engine 8.550.1001 you might see errors such as “Insufficient system resources exist to complete the requested service” or “The server was unable to allocate from the system paged pool because the pool was empty.” If you run Poolmon you will see the Vmem tag using around 80 to 100MB of the pool. Basically, this is Trend consuming a large portion of your paged pool:
In Sysinternals’ Process Explorer you see that most of your paged memory is in use:
If you unload Trend OfficeScan most of your Kernel’s paged memory is freed:
Basically, it seems that OfficeScan is trying to load its entire pattern file in memory. Unfortunately this file is around 100MB, which doesn’t leave much of the default 160MB page pool for the rest of the system. This problem has been around since at least the end of October when this version of the engine was released. Trend Micro have known about it since at least the middle of December. They have published a work around (see Trend Micro’s Solution ID on the problem) that increases the size of the pool. However, this only delays the onset of the problem.
More information can be found in this thread at the SysInternals forums.
It’s now almost the middle of February and Trend Micro still haven’t released an update fixing this problem. When are they going to fix it? Personally, I think anti-virus can at times be as bad as the viruses.
It’s just not good enough!
Filed in Trend Micro | One response so far