Jump to content
siliconman01

[Solved]Pre-Release V4.26.0.1006 Not Releasing Handles

Recommended Posts

As with previous versions, Pre-Release V4.26.0.1002 is not releasing handles on completion of a Complete Scan. During the scan, SAS PRO's handles jump from ~300 to 1890. On watching the handles during the scan, the significant increase really explodes when folder C:\Windows is scanned. Over 900 mbytes of RAM is consumed during the scan.

SAS PRO on Vista SP1 x64 Business

On system startup:

Handles = ~300

RAM = 552 kbytes

After full scan:

Handles = ~1850

RAM = 2048 kbytes

This issue occurs on XP-SP3 x86 also.

Share this post


Link to post
Share on other sites

I am run Vista SP1 x64 Business on a Dell XPS 410 with Intel dual core processor and 4 gbytes RAM. My primary security suite is Avira Premium Security Suite V9. SAS PRO with realtime active and TrojanHunter with realtime active are also present. All my software is the latest versions.

In order to see what I am experiencing, you must reboot your computer and then run a Complete Scan with SAS PRO. IF you have already scanned with SAS PRO once following the reboot, the memory used will be much, much less than during the first scan. Apparently the SAS PRO realtime module is building some type of cache during the first scan. The handles, however, jump up to ~1900 and stay there. I have attached some Task Manager displays.

Share this post


Link to post
Share on other sites

From what I am seeing, my hunch is that Windows is likley just caching the handles used by our process. This won't have any effect on how Windows functions or memory used. The memory used during the scan makes sense the way you have your options set, meaning non-default so that it will scan all huge files regardless of the type, content, etc.

This should be the same as previous versions - is this the case in your testing?

I really do appreciate the detail you provide!

Share this post


Link to post
Share on other sites

Hi Siliconman, this is Don. I'm not able to reproduce the issue you're having with the handles. I'm using XP as a test bed.

When you scan on XP, are you scanning as a standard user, or administrator?

Is there a specific portion of the scan where you see the handles creep up?

If you re-enable the options to scan only known file types and executables, do you still see the handles go up?

Thanks

Don

Share this post


Link to post
Share on other sites

My XP-SP3 computer is an old Dell Dimension 8200 with a 2.6 ghertz P4 processor and 1.5 gbyte RAM. It runs NIS 2009, SAS PRO, and TrojanHunter as security realtime protection. All software is the latest versions. The handle problem is not as severe on the XP-SP3. The handles start at ~300, increase to ~650 during the scan, then drop back to ~595 after the scan. Memory starts at ~440 kybtes, goes up to ~100 mbytes during the scan and then drops back to normal of ~440 kbytes.

My Vista SP1 x64 Business computer is a Dell XPS 410 with 2.66 ghertz Intel dual core processor and 4 gbytes RAM. My primary security suite is Avira Premium Security Suite V9. SAS PRO with realtime active and TrojanHunter with realtime active are also present. All software is the latest versions. I have shown in previous posts what happens during the scan on this system.

When you scan on XP, are you scanning as a standard user, or administrator?

On both computers, I am always signed on as administrator. On Vista, this is not the hidden/full administrator account.

Is there a specific portion of the scan where you see the handles creep up?

On XP-SP3, they creep up during scanning the C:\Windows folder.

On Vista SP1 x64, they explode from ~490 to 1850-1890 when the scanner hits the C:\Windows\Servicing\Packages folder. They never drop back even after the scan is completed.

If you re-enable the options to scan only known file types and executables, do you still see the handles go up?

On XP3-SP3, this option does reduce the max handles to ~475 and they drop back to ~375 after the scan is completed.

On Vista SP1 x64, this option makes no difference in the handles. They explode to 1850-1890 when C:\Windows\Servicing\Packages folder is scanned and never drop back.

NOTE: If I exclude the C:\Windows\Servicing\Packages folder, the handles stay fairly constant until the C:\Windows\Winsys folder is scanned. They will then creep up to ~1350 handles and never drop back even after the scan is completed. Of course, the Winsys folder contains over 50,000 files on Vista.

Share this post


Link to post
Share on other sites
Was this happening in previous builds? Nothing changed in this build as far as that code goes, so I am curious as to why it's doing that.

It has been happening on previous builds as well. I submitted a support request a couple of builds back and was told that it would be turned over to one of the system gurus for resolution. I was hoping that the current build would contain a fix for this.

Share this post


Link to post
Share on other sites

Have updated my Vista SP1 x64 Business system to Vista SP2 RTM Business. No improvement in the Handle issue concerning SAS PRO. A complete scan results in ~2000 handles during the scan and these are not released when the scan is completed. Plus RAM usage after scan is 2+ mbytes as compared to 550 kybtes prior to scan.

As a comparison to other scanners:

TrojanHunter- Max handles during scan 496. Separate scanner module from realtime module so all handles are released when the scanner module exits.

MBAM- Max handles during scan 471. Separate scanner module from realtime module so all handles are released when the scanner module exits. On x64 there is no realtime module.

Avira Premium Security Suite V9- Max handles during scan 238. Separate scanner module from realtime module so all handles are released when the scanner module exits.

Share this post


Link to post
Share on other sites

With Pre-Release V4.28.1008, there appears to be significant progress on this issue, particularly on Vista x64 systems.

Windows 7 RC 7100 32-bit

Handles Before Complete Scan = 378

Handles After Complete Scan = 875

Vista SP2 x64 Business

Handles Before Complete Scan = 279

Handles After Complete Scan = 1366

On x64, this is a reduction of ~900 handles over previous versions of SAS PRO. So progress has been made in V4.28.1008. :) I continue to contend that it needs more work to get the program to release many more handles on completion of the scan.

Share this post


Link to post
Share on other sites

Another thing that I have noticed is that SAS does not release handles when performing a normal core/trace update. Just prior to the update the handles for SuperAntiSpyware.exe are 285. The update is executed and installed. The handles for SuperAntiSpyware.exe jump to 448 and stay there. This is on V4.28.1010; however, I'm sure that it has been happening on previous versions as well. Vista SP2 x64 Business and also Windows 7 RC 7100.

Share this post


Link to post
Share on other sites

There appears to be more progress on this issue as of V4.29.1004. The number of handles following a complete scan is down to ~1100. This is on Vista SP2 x64 Business.

Share this post


Link to post
Share on other sites

I'm really glad to see the SAS PRO V4.32.1000 on Windows 7 x86/x64 is releasing handles following a Complete Scan back to near normal levels for SuperAntiSpyware in memory. Six months ago the handles would surge to 2100+ and never release. Now they release down to ~550. Nice going SAS gurus ! :D

Share this post


Link to post
Share on other sites
I'm really glad to see the SAS PRO V4.32.1000 on Windows 7 x86/x64 is releasing handles following a Complete Scan back to near normal levels for SuperAntiSpyware in memory. Six months ago the handles would surge to 2100+ and never release. Now they release down to ~550. Nice going SAS gurus ! :D

I forgot to note that in our release notes, but yes, we did resolve that issue :) Thanks for your assistance in tracking that down!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×