.bat file and exclusion
I have a .bat file here which I run on occasion which cleans the complete event viewer contents. (The .bat file needs admin rights to run; I am also the admin of all machines here, but only run user accounts while using the machines normally.)
However, with FSAV 2011 installed, even with this .bat file added to FSAV's exclusions, it does run but slowly like molasses.
If I temporarily unload FSAV the .bat-file runs like it should, that is with top speed.
Is there any solution to this to be able to run the .bat-file at top speed with FSAV not unloaded? Am I inflicting some user error on my own behalf?
Comments
-
-
Hi Matthias,
Nothing fancy in it, see below for the contents:
--------------------
@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event Logs have been cleared! ^<press any key^>
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo ^<press any key^>
:theEnd
pause>NUL
---------------------------
What it does specifically is clearing out all event viewer messages so one can start from scratch with a clean event viewer. When this .bat file runs it just takes about say five to eight seconds and after that the event viewer looks clean as silk. I use this one on every Win 7 machine I use.
-
I guess that Deepguard is involved.
Please disable deepguard and test
Then enable deepguard without advanced process monitoring and test again.
If DG turns out to be the culprit add the batch to DG's exclusions.
If APM is the culprit, leave it off.
If still nothing helps, deeper debugging is needed; please open a support request, mention this thread and post the SR-ID here.
BR
-
Hi,
I'm not too familiar with scripting to comment on the quality of the script you are running.
Could it be that deleting event log is a heavy IO operation and therefore the scanner gets heavily loaded?
You could use Sysinternals to see how the system gets loaded. Process Explorer might do the trick, to reveal if it is an IO issue.
You can find it here http://technet.microsoft.com/en-us/sysinternals/bb795533
-
Matthias,
Here are the settings as tested with results:
1. DeepGuard enabled + Advanced Process Monitoring enabled: speed is slow like molasses.
2. DeepGuard enabled and Advanced Process Monitoring disabled: speed is slow but faster than in step 1 above.
3. both DeepGuard and Advanced Process Monitoring disabled: speed is like it should be, top speed.
So you were spot on, DeepGuard seems to be doing something with it.
However, I can't find a way to add the batch file to DG's exclusions: it's FS-AV I'm using, not FS-IS which I'm not familiar with.
Shall I open a support request and afterwards post the SR-ID here?
@2eemeli
I have had other AVs in the past, they never bothered regarding running this batch file and it always ran at its supposed speed. But thank you for the suggestion, maybe a second opinion later on.
-
Since the batch file invokes wevtutil.exe, I'd suggest making an exclusion for wevtutil.exe and seeing if it helps. OTOH, you should definitely open a support request and let tech.support and Labs guys look into it. wevtutil.exe seems to be the general Windows command line tool and DeepGuard shouldn't make it run slow.