Linux Security real-time protection causes performance issue

header .row {width:100%} header .row:nth-child(1) {background-color:#0014a0} header .container, footer .container {max-width:1172px; margin: auto;} .top-header, .bottom-header {height:52px;} .Header-logo img {height: auto; max-height: 32px; width: auto; margin:10px 8px 8px 18px} .header-top-links {float: right; margin-right:20px} .header-top-link, .header-bottom-item {cursor: pointer; display: inline-block; font-size: 14px; font-weight: 500; line-height: 52px; margin: 0 15px; position: relative; text-align: center; } .header-top-link, .header-bottom-item a {text-decoration:none;} .header-top-link {color: #fff;} .header-top-link.active::after, .header-top-link:hover::after {background: #fff;} .header-bottom-link {color: #1e1e1e;} .header-bottom-item .header-bottom-link {margin:0 15px} #homeLink {margin-left:1px} .kb-lang-title {width:100%;text-align:center;font-weight:600;color:black; margin:0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #signin {margin-top:5px} #signin a {text-decoration: none; color:#1e1e1e; padding: 5px 2px 5px 2px; border-radius: 5px;} #signin a:hover {cursor:pointer; background-color:#0014a0; color:white} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} #profiledropdown:hover {cursor:pointer; background-color:#0014a0} #profilename #profileicon {background: #dfdfdf; border-radius: 25px; width: 28px; height: 28px;} #profile-menu ul {list-style: none; padding-left:0} #profile-menu ul li {padding:10px 0 10px 20px;font-size: 15px;} #profile-menu ul li:hover, #articleslink p:hover, #dashboardlink p:hover {cursor:pointer; background-color:#efefef;} #profile-menu ul li a {text-decoration:none; color:#1e1e1e} #profile-menu hr {border:1px solid #efefef} #articleslink hr, #dashboardlink hr {margin:0} #articleslink .title {padding: 0;text-align: center; font-weight: 600;} #articleslink p, #dashboardlink p {padding:10px 0 10px 20px;} #articleslink p a, #dashboardlink p a {text-decoration: none; color:#1e1e1e;} #articleslink .draftslink:hover, #dashboardlink p:hover {padding: 10px 0 10px 20px;} .Footer {background:#f6f6f6;color:#555a62;font-size:16px;line-height:1.5;padding:18px 0; border-top:1px solid #c4c4c4} .Footer .footer-logo-wrap .footer-logo {height: auto; max-height: 32px; width: auto; margin-top:20px} .Footer a {color:#0014a0}.Footer a:hover{color:#041078} .Footer .col {padding:0 20px;width: 20%; font-size: 13px; display: table-cell; vertical-align: top;} .Footer .footer-links-wrap {padding-bottom: 15px; border-bottom: 1px solid #c4c4c4;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-right:1px solid #c4c4c4} .Footer .col ul {list-style: none; padding: 0;} .Footer .col ul li a {color: #1e1e1e; text-decoration: none;} .footer-link-title {text-transform: uppercase; color: #1e1e1e;} .footer-link-subtitle {font-size:14px; color: #1e1e1e; max-width:80% } .col-copyRight a, .social-icons-wrap a {display:inline-block; padding:20px 10px 20px 0; text-decoration: none; color: #1e1e1e; } .social-icons-wrap {float:right;display:none} @media screen and (max-width:991px){ .top-header {height:64px} .Header-logo img {max-height:28px;margin: 18px 8px 8px 24px;} .Hamburger-border {position: absolute; right: 15px; border-left: 1px solid #fff; height: 65px; width: 50px; top: 0; z-index: 20;} .Hamburger {display:block;position: absolute; top: 8px; left: calc(100% - 21px); top: 9px; z-index: 20;-webkit-box-align: center; -webkit-box-pack: center;-webkit-user-select: none; align-items: center; background: transparent; border: none; border-radius: 0;cursor: pointer;justify-content: center; outline: none;transition: .35s;} .Hamburger-menuXcross {height: 22px; padding: 0; width: 22px;} .Hamburger-menuLines {-o-transition: .35s;-webkit-transition: .35s; background-color: #fff; border-radius: 2px; display: inline-block; height: 2px; position: relative; transition: .35s; width: 22px;} .Hamburger-menuLines::before {top: 5.5px;} .Hamburger-menuLines::after {top: -6.28571px;} .Hamburger-menuLines::after, .Hamburger-menuLines::before {-ms-transform-origin: 5.5px center;-o-transition: .35s;-webkit-transform-origin: 5.5px center;-webkit-transition: .35s;background-color: #fff;border-radius: 2px; content: ""; display: inline-block; height: 2px;left: 0;position: absolute;transform-origin: 5.5px center;transition: .35s;width: 22px;} .sr-only {position: absolute !important;width: 1px !important;height: 1px !important;padding: 0 !important;margin: -1px !important;overflow: hidden !important;clip: rect(0,0,0,0) !important;border: 0 !important;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-webkit-transform: rotate(45deg); transform: rotate(45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after {-webkit-transform: rotate(-45deg);transform: rotate(-45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after, .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-ms-transform-origin: 50% 50%;-webkit-transform-origin: 50% 50%;background-color: hsla(0,0%,100%,.6); left: 0;top: 0;transform-origin: 50% 50%;width: 22px;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines {background: transparent;} .isToggled .Hamburger-menuLines {-webkit-transform: scaleX(1);transform: scaleX(1);} #signin {text-align:center; margin: auto; color:white} #signin a {text-decoration: none; color:white;} .header-top-links, .bottom-header {display: none} .banner-middleContainer_f1l0wf96 {box-shadow: inset 0 10px 10px -10px #000;} #homeLink, #helpForumsLink, #FaqsLink, #userguidesLink, #supportLink, .header-right {width:100%; text-align: left; margin: 0; } #userguidesLink, #supportLink {border-top: 1px solid #dfdfdf;} .top-header-link {text-transform: uppercase; font-weight:700; color:#1e1e1e; padding:0 15px; margin-bottom: 0; line-height: 2em;} .header-bottom-link::after {background:none;} .header-bottom-item .header-bottom-link {margin:0 25px} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding:0 0 0 40px} .kb-lang-title {text-align:left;} #kb-menu-dropdown .depth-2-list.open {padding-left:30px} .depth-1-list a, .depth-2-list a, .depth-3-list a {color:#1e1e1e} .smdropdown-alt {line-height: 0; margin:0 padding: 0 0 10px 0;} .smdropdown-link {color:#acacac!important; font-style: italic;} .depth-1-list, .depth-2-list, .depth-3-list {display: none} .header-right {float: right;padding: 3px; height: 30px; border-radius: 3px; background:#0014a0; padding:10px 20px 10px 0; text-align: right;} #profiledropdown {width: 30px; float: right;} #profiledropdown:hover {background: none} #profiledropdown:hover #profile-menu {display: none} #profileicon {margin-top:2px} #profile-menu {display: none; position: absolute; left: 5%; background: white; width: 90%; text-align: left; z-index: 400; border: 1px solid #dfdfdf; border-radius: 3px; box-shadow: 0 5px 5px #dedede;} .open {display: block;} .Footer .col {display: block; width:90%; padding: 0 20px 15px 20px} .Footer .col.col-copyRight, .Footer .col.col-social {width:90%} footer .container {width:95%} .col.footer-logo-wrap {text-align: center;} .col-copyRight a, .social-icons-wrap a {padding: 10px 0 0 0;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-bottom:1px solid #c4c4c4; border-right:none} } @media screen and (min-width:992px){ .Hamburger, #homeLink .top-header-link, #userguidesLink, #supportLink, .smdropdown-alt {display: none;} .bottom-header {display: block;} .header-top-link::after {background: #fff;} header .row:nth-child(2) {background-color:white; box-shadow: 0 3px 5px rgba(0,0,0,0.1);} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding-left: 0; box-shadow: 0 4px 4px rgba(0,0,0,.1);} .depth-1-item, .depth-2-item, .depth-3-item {padding-left:15px; border-bottom:1px solid #dfdfdf;} .depth-1-item a, .depth-2-item a, .depth-3-item a {color: #1e1e1e;} .header-bottom-link::after {background: #0014a0;} .header-top-link.active::after, .header-top-link:hover::after, .header-bottom-link.active::after, .header-bottom-link:hover::after {bottom: 0; content: ""; display: block; height: 5px; left: -15px; margin: auto; position: absolute; width: calc(100% + 35px);} #menu-dropdown, #kb-menu-dropdown {position: absolute; z-index: 100; background: white; text-align: left; margin: 1px 0 0 -15px;} #menu-dropdown, #kb-menu-dropdown .depth-1-list {width:280px} #kb-menu-dropdown .depth-2-list {width:350px!important} #profile-menu {position: absolute; z-index: 100; background: white; width: 350px; text-align: left; width:260px; margin: 0 0 0 -230px; border: 1px solid #c4c4c4; border-radius: 5px; box-shadow: 0 4px 4px rgba(0,0,0,.1);} #menu-dropdown, #menu-dropdown .depth-2-list, #menu-dropdown .depth-3-list, #kb-menu-dropdown, #kb-menu-dropdown .depth-2-list, #profile-menu {display:none;} #helpForumsLink:hover #menu-dropdown, #FaqsLink:hover #kb-menu-dropdown, #profiledropdown:hover #profile-menu {display: block;} #menu-dropdown .depth-1-item:hover .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list, #kb-menu-dropdown .depth-1-item:hover .depth-2-list { display: block; left: calc(100%); background: #fff; border: 1px solid #c4c4c4; position: absolute; top: -1px; width: 100%;} #menu-dropdown .depth-1-item:nth-child(3) .depth-2-list {top:52px} .depth-1-item:hover, .depth-2-item:hover, .depth-3-item:hover {pointer:cursor;background-color:#f8f8f8} .depth-1-item:hover .depth-1-url, .depth-2-item:hover .depth-2-url, .depth-3-item:hover .depth-3-url, #kb-menu-dropdown .depth-2-item:hover .depth-3-url {color:#0014a0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} }

Home

Help Forums

How-to & FAQs

Linux Security real-time protection causes performance issue - F-Secure Community

Linux Security real-time protection causes performance issue

Further analysis is needed to pin-point the problematic file and/or process that is causing the performance issue. By setting fsoasd (real-time inspection process) log to debug mode, it is possible to record all accesses that perform real-time virus and integrity checking. Follow the steps below:

We recommend deleting the existing fsoasd.log file so a fresh log file is created for easier analysis. Execute the following command:
```
# /etc/init.d/fsma stop # rm /var/opt/f-secure/fsav/fsoasd.log # /etc/init.d/fsma start
```

Set the fsoasd log to debug mode:

# /opt/f-secure/fsma/bin/chtest s 45.1.100.11 9

You may now reproduce the problem, or simply wait 10-30 minutes to gather enough debug information.
Reset the fsoasd log output back to normal mode:
```
# /opt/f-secure/fsma/bin/chtest s 45.1.100.11 6
```
Review the log file which is output to /var/opt/f-secure/fsav/fsoasd.log.

Understanding the logs

You can check the file access status by checking lines containing the string BOTTOMHALF.

1198657751 | DEBUG | 0xb7f23bb0 | fsoasd / tophalf.c: 0240 | BOTTOMHALF req: event = 0x4, flags (not set) = 0x0, file = / bin / sleep, process = / bin / tcsh pid = 28360

The numbers on the left indicates the epoch time (January 1, 1970). The items after BOTTOMHALF are as follows:

[event]

0x0: OPEN (Open file)
0x2: CLOSE (Close the file)
0x10: CLOSE (Close the file after change)
0x4: EXEC (Execute the file)
0x80: Load module

[flags] open Flags argument

[file] Name of the file to access

[process] Name of the process that performed the file operation

[pid] Process identification number of the process that performed the filed operation

Performance improvement tips

Based on your debug log, you can identify ways to improve system performance.

If there are many files in the same directory being accessed, there is a possibility that performance may be improved by excluding the corresponding folder from real-time protection.
If many processes access the same process, there is a possibility that performance may be improved by registering the corresponding process in [whitelisted executable file] in real-time protection scan setting.

| |