Vsserv Hammering Disk

AJ500
edited August 2011 in Antivirus

I upgraded to IS 2012 from IS 2011 yesterday. I've noticed that vsserv is hammering the internal SSD disk with reads at about 7Mbps when Auto Scan is turned on. There are about 100 vsservs threads active, reading many files. CPU usage is <10% total, with one core very high.


I had previously done a manual full system scan, but with Auto Scan ON, vsserv was still reading files that had been scanned by the full system scan.


I have changed the on-access scanning option from Normal to Custom with "scan only new and changed files" checked. This has eliminated the constant disk hammering. If this works the way I think it does, I can run a full system scan occasionally and run with Auto Scan OFF and still get virus protection.


Comments?

Comments

  • Same here!!!!!!!!!!!!!!!!!! BD Total Security 2012 is really weird.....


    Cant figure what starts, what crashes......

  • I upgraded to IS 2012 from IS 2011 yesterday. I've noticed that vsserv is hammering the internal SSD disk with reads at about 7Mbps when Auto Scan is turned on. There are about 100 vsservs threads active, reading many files. CPU usage is <10% total, with one core very high.


    I had previously done a manual full system scan, but with Auto Scan ON, vsserv was still reading files that had been scanned by the full system scan.


    I have changed the on-access scanning option from Normal to Custom with "scan only new and changed files" checked. This has eliminated the constant disk hammering. If this works the way I think it does, I can run a full system scan occasionally and run with Auto Scan OFF and still get virus protection.


    Comments?

  • I have exactly the same problem. I was forced to upgrade to IS2012 when my 2-year 2010 licence expired! I now have vsserv.exe thrashing away at my disks almost constantly. It's easy to see - just look at the disks in Resource Monitor (under Task Manager / Pefromance). I actually already had the scan option customised and set to scan new/changed files only, but this doesn't seem to ever end. It may be that the new install needs a few weeks to work through my disks and then it will leave me alone but, for now, the constant grind is driving me crazy and making me think a disk crash is the most probable outcome!! I would appreciate a comment from Bitdefender as to what is actually going on here.

  • HKM
    HKM
    edited September 2011

    @ ColinW


    @ Racer


    I think I found the problem to this continuous hammering.....


    Just on the Main Window switch off the Auto Scan Function..... U must be wondering if we do that, we might not be protected anymore - thats NOT TRUE.


    Once I switched it off, the first thing I noticed was the fact that my drive was at peace after a long time, secondly I checked up with the Windows Action Center just to make sure that I was still protected against viruses and fortunately it still showed as Bitdefender being the Anti-virus program & lastly and most importantly I checked up the Process VVSERV using Process Explorer, IT WAS STILL RUNNING!!!!!!!!!!!! Voila!!!!!!!!!!!!!!!!!!!


    I must say this 2012 version's interface is a bit confusing. I previously thought switching off the Auto Scan would switch off the virus protection.


    Anyway, I hope this was the right solution and hope for u both....


    Comments?

  • Thanks for your input HKM. I've now done the same, ie turned off auto scan on main panel. The Help screen does say: "With Auto Scan turned on, there is hardly any need to manually run scans for malware. Auto Scan will scan your computer over and over again, taking appropriate actions when malware is detected. Auto Scan runs only when enough system resources are available so as not to slow down the computer". But I didn't see a note saying you would still be protected with it turned off, so I assume the fact VSServ is running means I am protected. I had actually achieved a similar aim by going to File&Folder exclusions under AV and adding just the drive letter (I have two physical disks and about 8 logical disks). Since my C; drive is the actice one and receives all documents, that's the one I intend to scan - the others are backups or Linux or XP disks, which don't need constant scanning in my opinion.

  • Hello all,


    Just to clarify: Autoscan and the Realtime Protection are different things.


    The Realtime Protection (RTP) automatically scans (in realtime) files accessed by other processes running in the system. Turning this feature off leaves the computer unprotected from threats that could affect it's well functioning. Changing the state of this module (turning it on or off) can be done from Settings -> Antivirus -> Shield -> On-access scanning [ON/OFF].


    Autoscan is something different. It is like an on-demand scan task which is automatically executed whenever the system is idle. This feature does NOT scan accessed files, like the RTP. Instead, it just scans all files on the system and removes detected threats. This scan, as I said, is only started when the system is idle and is automatically paused when the system stops being idle, so it shouldn't interfere with other tasks/applications that are running. Turning this feature off does NOT leave your computer unprotected. As long as RTP is on, turning Autoscan off doesn't represent a security risk.


    Also, seeing vsserv.exe as a running process does NOT necessarily mean that your computer is protected. If vsserv.exe is not running, then your computer is surely vulnerable. If vsserv is running, but the modules are disabled from BitDefender's interface, again, your system is vulnerable. However, BitDefender should report (in the main interface, as well as by changing the tray icon) whenever there is a problem which might affect your security.


    Cris.

  • Thanks for your input HKM. I've now done the same, ie turned off auto scan on main panel. The Help screen does say: "With Auto Scan turned on, there is hardly any need to manually run scans for malware. Auto Scan will scan your computer over and over again, taking appropriate actions when malware is detected. Auto Scan runs only when enough system resources are available so as not to slow down the computer". But I didn't see a note saying you would still be protected with it turned off, so I assume the fact VSServ is running means I am protected. I had actually achieved a similar aim by going to File&Folder exclusions under AV and adding just the drive letter (I have two physical disks and about 8 logical disks). Since my C; drive is the actice one and receives all documents, that's the one I intend to scan - the others are backups or Linux or XP disks, which don't need constant scanning in my opinion.


    I assume that ure using Windows 7..... Just open up the Action Center and under the SECURITY Section u will find the VIRUS PROTECTION Section .... Just read under that...


    Its should look like this:


    Virus Protection


    Bitdefender reports that it is up to date and virus scanning is on

  • No. I was lucky enough to spend my hard-earned on the latest and greast of the time - Vista!! If I bought every upgrade Microsoft churned out to resolve poor coding issues I'd be a very poor man. I'm pretty happy now having seen Chris's reply as well. I leave RTP on and exclude all the drives I don't use in settings and all seems about right. I did a full system scan last night and it only did my active drives and all the excluded one were omitted - perfect!

  • Thanks for the input Chris, very helpful. See my reply to HKM - I've got RTP on and my inactive/Linux drives excluded - and everything is sweet, hardly any disk bashing at all.


    Colin

  • Colin, I wouldn't recommend excluding whole partitions from RTP, even if they seem ”inactive”. Put it this way: if you don't actually use a partition, does it mean that malware won't either?


    BitDefender is a security application like any other. While the detection rate is one of the best currently on the market (according to different public tests), and despite the fact that anyone would wish for a perfect protection, BitDefender will always be subject to the same rule as any other security solution out there: there is no such thing as 100% detection rate. So there might be a malware out there that can get into your system undetected. And that malware could attack your system in a way that might trigger some other defense mechanisms in BitDefender. But if you exclude from scanning multiple partitions, then that malware could create new infections on those partitions. In which point, it won't even matter if BitDefender could have detected those new infections or not, because, well... those partitions were excluded from scan. Which, obviously, is not good. :)


    For instance, take into consideration Autorun-type infections. Those types of malware which create autorun.inf files in the root of all partitions in the system (including removable drives) and also create an executable on each partition, so the malware is executed each time the partition is accessed by Windows Explorer. This type of infection will remain undetected on excluded partitions, which will keep your system in a continuous vulnerable state, because each time you access those partitions, your computer will be reinfected.


    So, unless you have an auxiliary protection method for those partitions (like read-only drives, encryption, password-protection, etc...), I suggest keeping them not excluded. While Autoscan is not enabled, HDD hammering shouldn't occur (because RTP only scans accessed files, so if you don't access those partitions much, then RTP won't touch them).


    Cris.

  • Hello all,


    Just to clarify: Autoscan and the Realtime Protection are different things.


    The Realtime Protection (RTP) automatically scans (in realtime) files accessed by other processes running in the system. Turning this feature off leaves the computer unprotected from threats that could affect it's well functioning. Changing the state of this module (turning it on or off) can be done from Settings -> Antivirus -> Shield -> On-access scanning [ON/OFF].


    Autoscan is something different. It is like an on-demand scan task which is automatically executed whenever the system is idle. This feature does NOT scan accessed files, like the RTP. Instead, it just scans all files on the system and removes detected threats. This scan, as I said, is only started when the system is idle and is automatically paused when the system stops being idle, so it shouldn't interfere with other tasks/applications that are running. Turning this feature off does NOT leave your computer unprotected. As long as RTP is on, turning Autoscan off doesn't represent a security risk.


    Also, seeing vsserv.exe as a running process does NOT necessarily mean that your computer is protected. If vsserv.exe is not running, then your computer is surely vulnerable. If vsserv is running, but the modules are disabled from BitDefender's interface, again, your system is vulnerable. However, BitDefender should report (in the main interface, as well as by changing the tray icon) whenever there is a problem which might affect your security.


    Cris.


    So a "Auto Scan" is a sort of "Background Scanning" functioning only when the system is idle.?

  • Yes. From the BD User's Guide:


    5.2.1. Auto Scan


    Auto Scan is a light on-demand scan that silently scans all your data for malware


    and takes the appropriate actions for any infections found. Auto Scan finds and uses


    time-slices when system resource usage falls below a certain threshold to perform


    recurring scans of the entire system.


    Benefits of using Auto Scan:


    ● It has close to zero impact on the system.


    ● By pre-scanning the entire hard-disk, future on-demand tasks will be completed


    extremely fast.


    ● On-access scanning will also take significantly less time.



    Regards,