Hello,
If I open a new flow on this topic todayit is really on purpose and because I can provide some analysis and a solution in some cases.
I hope Microsoft with this information will be able to push further theanalysis and provide a solution for this painfull situation.
That is the second time Microsoft Security Escential overruns on my machine.
Analysing with resmon I have been able to Identified that system and MsMpEng where both solicitating the disk very hardly.
The first time this happend I found a discussion on the net in with a program installed by the PC manufacturer (HP in my case) was the source of the problem.
Sorry I do not found the convesation again and I am not able to give you the name of the program, but I am not certain that it was the root cause.
This program was running, I killed it, it went back again the removed the program and everything went good. The idea behind was that this program was permanently telling (how ?) that a file changed, so the file was permanently analysed by MsMpEng.
The second time the problem appeared was after a software automatic update that asked me to reboot the computer.
This program identified during my first incident is not any longer here and does not run. I do not remember it's name but I have been
able to Identified all process running on my system and kill most of process.
The fact is that when I stop the service Microsoft Security Escential, the problem stops. It restarts as soon as the service is restarted.
With resmon (tab "Disks" section "Disks activity") I could Identify one file heavily used by both the system and MsMpEng, and that system
was also heavily writing files in windows/temp.
This file is a 500 MB tgz archieve file (2.5 GB uncompressed) that needs to be decompressed to be analysed.
I changed the file extension and the problem dissapeard.
My understanding (but not the truth) is that, when MsMpEng wants to analyse in background a compressed file, it envolves the sytem that decompress it and writes
temp files. This writing involves MsMpEng that stops what it was doing to process the real time request.
When done it restarts the analysis of the file from the biginning ... That is only a guess that only Microsoft programmers could validate.
Mr Microsoft help, please correct this!
For most of you having this problem, resmon will help you to identify the file leading to this consumption.
When identified many things can be tried in order to break this stupid cycle :
- Manual analysis (hoping MsMpEng will not consider this file to be tested any longer)
- rename the file, move the file, delete the file
And again many thanks in advance to Mr Microsoft to solve that problem lasting for mny years!
I'm sorry you have a wrong
place posted. This forum is used to post questions about the Microsoft Fix it Center automated troubleshooting tool. Could you please post your issue to http://answers.microsoft.com/en-us that
you can get the right solution soon, thanks for your understanding.
Please Mark as Answered
If this is helpful Or Un-Mark as Answered if it is not helpful.
Best Regards,
Alex
Marked as answer byFafafaalexTuesday, May 17, 2011 2:53 AM
