.bat file and exclusion

I have a .bat file here which I run on occassion which cleans the complete event viewer contents. (the .bat file needs admin rights to run; I am also the admin of all machines here, but only run user accounts while using the machines normally.)

However, with FSAV 2011 installed, even whit this .bat file added to FSAVs exclusions, it does run but slowly like molasses.

If I temporarily unload FSAV the .bat-file runs like it should, that is with top speed.

 

Is there any solution to this to be able to run the .bat-file at top speed with FSAV not unloaded? AM I inflicting some user error on my own behalf?

Comments

  • MJ-perCompMJ-perComp Posts: 1,101 Superuser

    Hi,

    is there anything specific in that batch or can you post it here?

    If not, then please open a support request and submit a fsdiag as well as the BAT. Please mention this thread and post the received SR-ID here.

     

    Thanks.

  • periperi Posts: 6

    Hi Matthias,

     

    Nothing fancy in it, see below for the contents:

     

    --------------------

    @echo off
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    echo Event Logs have been cleared! ^<press any key^>
    goto theEnd
    :do_clear
    echo clearing %1
    wevtutil.exe cl %1
    goto :eof
    :noAdmin
    echo You must run this script as an Administrator!
    echo ^<press any key^>
    :theEnd
    pause>NUL

    ---------------------------

    What it does specifically is clearing out all event viewer messages so one can start from scratch with a clean event viewer. When this .bat file runs it just takes about say five to eight seconds and after that the event viewer looks clean as silk. I use this one on every Win 7 machine I use.

  • MJ-perCompMJ-perComp Posts: 1,101 Superuser

    I guess that Deepguard is involved.

    Please disable deepguard and test

    Then enable deepguard without advanced proces monitoring and test again.

     

    If DG turns out to be the culprit add the batch to DGs exlusions.

    If APM is the culprit, leave it off.

     

    If still nothing helps deeper debugging is needed please open a support request, menion this thread and post the SR-ID here.

     

    BR

  • 2eemeli2eemeli Posts: 99

     

    Hi,

     

    not too familiar with scripting, to comment on the quality of the script you are running.

     

    Could it be that deleting event log is a heavy IO operation and therefore the scanner gets heavily loaded.

     

    You could use Sysinternal to see how  the system gets loaded. Process explorer might do the trick, to reveal if it is an IO issue.

     

    You can find it here http://technet.microsoft.com/en-us/sysinternals/bb795533

     

     

     

     

     

     

  • periperi Posts: 6

    Matthias,

    Here are the settings as tested with results:
    1. DeepGuard enabled + Advanced Process Monitoring enabled: speed is slow like molasses.
    2. DeepGuard enabled and use Advanced Process Monitoring disabled: speed is slow but faster as in step 1 above.
    3. both DeepGuard and Advanced Process Monitoring disabled: speed is like it should be, top speed.

    So you were spot on, DeepGuard seems to be doing something with it.
    However, I can't find a way to add the batch file to DGs exclusions: it's FS-AV I'm using not FS-IS which I'm not familiar with.

    Shall I open a support request and afterwards post the SR-ID here?

    @2eemeli
    I have had other AVs in the past, they never bothered regarding running this batch file and it always ran at its supposed speed. But thank you for the suggestion, maybe a second opinion later on.

  • DmitriyDmitriy Posts: 212 F-Secure Employee

    Since the batch file invokes wevtutil.exe, I'd suggest to make exclusion for wevtutil.exe and see if it helps. OTOH, you should definitely open a support request and let tech.support and Labs guys look into it. wevtutil.exe seems to be the general Windows command line tool and DeepGuard shouldn't make it run slow.

This discussion has been closed.