Increased Task Manager CPU Useage with Norton ??

[Erehwon]

I recently uninstalled AVG (uninstalled, rebooted, ran AVG Remover Tool,
rebooted) and installed Norton Security Suite. Ever since then I've noticed
that, with nothing else running, Task Manager shows Task Manager's CPU usage
at about 13% leaving System Idle Process at 87%, even after fresh reboot.
Prior to uninstalling AVG, I never saw Task Manager's CPU usage above about
3%. Is there any reason Norton would have caused Task Manager's CPU Usage
to increase? I have Task Manager up more often than not so it was a fairly
obvious change.

I had swapped from AVG to NORTON due to the computer locking up and
requiring a reboot probably 2 out of 3 times AVG did its automatic updates.
The update generally worked fine after a reboot. I had tried several rounds
of uninstalls, AVG Remover, and then re-installing AVG with no change so
finally went with Norton since I'm on COMCAST and they provide NORTON for
"free" anyway. That did come as part of Comcast's Constant Guard Protection
Suite, but I have not installed or enrolled in any of it's other components.
When I did a full scan with NORTON, it only caught a couple of tracking
cookies so I guess AVG was working fairly well.

Running XP SP3 with current updates on Dell Dimension 8300, P4 3.0 GHz
processor, 3 GB ram and 45 GB free disk space. Perhaps too old for bloat of
NORTON ??

[VanguardLH]

If no other processes are being deprived of CPU cycles, does it matter
if something uses them when nothing else is? There are many programs
that will consume CPU cycles when the CPU is otherwise idle but they run
at low-priority or are designed to immediately surrender the CPU if
something else wants to use it.

You might have a dozen people futzing around in your kitchen but if they
all vanish the instant you walk in to grab something from the fridge,
you have not been impeded in your task because the kitchen was busy
before but not when you got there.

Rather than watch a meter and claim that it shows your computer is
getting impacted (when it would otherwise be doing nothing anyway),
monitor how responsive is your system to your I/O or when running apps.
If the CPU is instantly surrended to something else that wants to use it
then that something else isn't getting impacted by the prior activity.

Norton - which is a company's division name, not a product name - has
several products and they have LOTS of components and configuration
settings. There's probably something you configured (or left configured
as the default) that performs some tasks when the CPU is otherwise idle.
Maybe the unidentified Norton product performs a disk defrag when the
computer goes idle (i.e., defrag on-the-fly). That's just a guess.

"CPU usage at about 13% leaving System Idle Process at 87%". And? Just
WHAT is consuming the 13% of the CPU cycles when the CPU is otherwise
idle? That doesn't say Norton is using that 13%. You did not identify
what process(es) is eating up that 13% and if they go immediately down
in CPU usage when something else wants more.

[Zilbandy]

On Sat, 17 Sep 2011 14:32:45 -0500, VanguardLH <V...@nguard.LH> wrote:

>Task Manager shows Task Manager's CPU usage
>> at about 13% leaving System Idle Process at 87%, even after fresh reboot.
>> Prior to uninstalling AVG, I never saw Task Manager's CPU usage above about
>> 3%. Is there any reason Norton would have caused Task Manager's CPU Usage
>> to increase? I have Task Manager up more often than not so it was a fairly
>> obvious change.

To add to Vanguard's reply, open a couple of browser windows, and a
few other programs you run. Maybe watch a video online. Then, check
your Task Manager.

--
Zilbandy

[Erehwon]

"VanguardLH" <V...@nguard.LH> wrote in message
news:j52sjr$2lk$1...@news.albasani.net...

To clarify, the process that's consuming the 13% IS Task Manager
(taskmgr.exe) and that process was consistently running under 3% prior to
the switch to Norton Security Suite. I wasn't looking at all of the
processes running, just this particular one since everything else is pretty
much at 0. I'm also aware that I can shut down Task Manager but was just
curious why any program would change the CPU usage by taskmgr.exe.

[Erehwon]

"Zilbandy" <z...@zilbandyREMOVETHIS.com> wrote in message
news:df0a77lquijk13bet...@4ax.com...

Regardless of what else I have running, taskmgr.exe is (the process, not
total CPU usage) is taking up about 13% of CPU resources compared to less
than 3% before. As noted, I realize I can shut it down and get rid of the
extra 13%. Just curious whether the increase is related to Norton Security
Suite or just a coincidence.

[VanguardLH]

Erehwon wrote:

> VanguardLH wrote ...

I'd start looking at what refresh rate that Task Manager was configured
to poll at. Reduce the columns down to the minimum, too, instead of
showing lots of info. With lots more info to check then Task Manager
would need more processing power.

Does CPU usage for taskmgr.exe go down when you temporarily all
monitoring by Norton <whatever>? Tested by rebooting into Windows' safe
mode? Tested by disabling all startup items (using msconfig.exe) and
reboot into normal mode?

Are you sure you are running the taskmgr.exe that came with Windows or
something else (malware)? Compare it against the one in the dllcache
folder or from the install CD.

fc /b \windows\system32\dllcache\taskmgr.exe \windows\system32\taskmgr.exe

You might also want to use SysInternals' Process Explorer to make sure
the taskmgr.exe listed is the one that is provided by Windows and
doesn't come from some other path. Some malware are camoflaged as Task
Manager, so what happens when you submit the taskmgr.exe that is running
(from the path shown by Process Explorer) to virustotal.com.

Task Manager does not show all processes. Malware may not be seen in
Task Manager. There are processes hidden to Task Manager which might be
okay or bad. Also, some processes also have more than one program
running inside them (e.g., svchost.exe will have several services rolled
into each instance which can be see by using Process Explorer). There
are multiple wasy to hide a program from showing in Task Manager. Read
http://www.wenpoint.com/securityinfo/rootkit/hiddenprocess-implies-attack.php
and the section describing what is a process, 4th paragraph (I've never
even heard of their HiddenFinder utility which is demoware since you
have to buy it to enable its "kill hidden process" feature). Maybe
something like http://processhacker.sourceforge.net/ will show what
would otherwise be hidden processes. Hooking into the system API is
another method to hide. I've used Resplendence Hook Analyzer (no longer
available but might've been replaced with their SanityCheck utility) to
see what hooked itself into the OS. I did this to find out why two
security programs conflicted with other which was due to them hooking
into the same system call and not working together or not properly
chained. There are several rootkit checkers, like the one from
SysInternals, but the user needs some expertise in figuring out what
they're getting told. For example, Daemon-Tools (emulates CD drives in
memory with some anti-copy protection options) installs a driver in
rootkit-like fashion (because there are copy-protected game and DRM
programs that specifically look for it), so seeing SysInternals Rootkit
Revealer report about it is not a cause for concern *if* you know on
what it's reporting.

Task Manager shows itself as busy with something but won't show you that
something in its list. That's when I start suspecting a hidden process
or system hooks.

Do an update of Norton <whatever> and do full scan. Also scan using
other security programs, like MalwareBytes AntiMalware or
SuperAntiSpyware (although that will install system hooks and drivers
despite you wanting to use it only as a passive on-demand scanner).
Also submit explorer.exe to virustotal.com since the real one is also
the desktop manager besides its Windows Explorer persona.

[David]

On Sat, 17 Sep 2011 13:52:30 -0500, "Erehwon" <inv...@address.here>
wrote:

Norton does have some background feature that waits for an idle time
to do some scanning. I'm only aware of it when I start to do something
on the PC and it alerts me that it was busy doing whatever it wanted.

I've been pleased with the Norton suite free from Comcast. It's found
alleged viri in folders of old downloads that free AV programs never
touched.

I first insalled the Norton on a new PC, it didin't break or bombard
me with pop ups. After a month of use I was compelled to put it on a
Win7 computer that has never been re-installed since release. Still no
performance hits that I can detect.

Win7 with all updates, Core2 Duo 3GHz, 4 G RAM.

[Sir_George]

David wrote:

(snipped)

> I've been pleased with the Norton suite free from Comcast. It's found
> alleged viri in folders of old downloads that free AV programs never
> touched.

Just an FYI, there is no such word as "viri". The plural form of virus
is "viruses".

--
Sir_George

[VanguardLH]

Sir_George wrote:

Not only did David use the wrong plural form for "virus" but he didn't
even use the correct word. In ancient Latin, there was already the word
"viri" which was NOT the nominative plural "virus" (slime, poison, or
venom) but the genitive *singular* of "vir" (man). "Virus" is a neuter
noun in Latin which means if there had been ancient usage then it
would've ended with "a" (as "vira" or "virae"). Neuter nouns in ancient
Latin ended in "a", not "i".

This malformation whose growth coincided with the Internet will
eventually become common for a long enough time that later generations
will come to accept it, like they now do for the word "lite".

"Viruses" was also incorrect (as noted above) but commonality over time
is what makes English an adaptive and a morphing language to evolve over
time. There are lots of words in English (American or British) that
don't strictly follow the Germanic or Latin rules because it is still a
living language, not a dead language that cannot evolve with context and
actual use. We see "virii" is an incorrect pluralization based on old
rules (from a dead language) but if it becomes pervasive enough for long
enough then our kids' kids will be using it as an accepted form.

[FromTheRafters]

Sir_George wrote:
> David wrote:
>
> (snipped)
>> I've been pleased with the Norton suite free from Comcast. It's found
>> alleged viri in folders of old downloads that free AV programs never
>> touched.
>
> Just an FYI, there is no such word as "viri".

Yes there is.

> The plural form of virus is "viruses".

Correct.

[Sir_George]

FromTheRafters wrote:

I should have used a qualification statement. It is a word, but not yet
commonly accepted as the plural of virus.

I stand corrected, I will now go to the corner of the room and stay
there for 30 minutes as my just punishment ;-)

--
Sir_George

[FromTheRafters]

Sir_George wrote:
> FromTheRafters wrote:
>
>> Sir_George wrote:
>>> David wrote:
>>>
>>> (snipped)
>>>> I've been pleased with the Norton suite free from Comcast. It's
>>>> found alleged viri in folders of old downloads that free AV
>>>> programs never touched.
>>>
>>> Just an FYI, there is no such word as "viri".
>>
>> Yes there is.
>>
>>> The plural form of virus is "viruses".
>>
>> Correct.
>
> I should have used a qualification statement. It is a word, but not yet
> commonly accepted as the plural of virus.

Okay. I don't think it should ever be accepted as the plural for the
English word "virus".

I meant it's a word:

http://latindictionary.wikidot.com/noun:vir

> I stand corrected, I will now go to the corner of the room and stay
> there for 30 minutes as my just punishment ;-)

Take a brief hiatus, or as many hiati/hiatii/hiatuses as is/are necessary.

[Sir_George]

FromTheRafters wrote:

Thank you for your compassion ;-)

--
Sir_George

[Bear Bottoms]

"Erehwon" <inv...@address.here> wrote in
news:j52q9h$qrj$1...@speranza.aioe.org:

AVG is disrecommended nowadays and I won't list it on my site. Use Avast,
Avira or Comodo to get what you want.

--
Bear Bottoms, security consultant
http://bearware.info