SMSAPM32 and RTVSCAN Use High Amount of CPU (810365)
The information in this article applies to:
- Microsoft Systems Management Server 2.0
SYMPTOMSIf RTVSCAN (Symantec Anti Virus' AutoProtect feature) is
running, when a SMSAPM32 cycle starts, SMSAPM32 may use much more of the CPU
than usual. Frequently, it may use 100% of the CPU for a period of
time.CAUSERTVSCAN uses a system standard hook to filter filesystem
events as they are processed by the system. During a SMSAPM32 cycle, there is a
large amount of file access to write the client log file. SMSAPM32 is also a
mailslot server and client, and there is an equally large number of mailslot
messages that the client writes to the server during this cycle. The mailslots
are relevant because the same API (WriteFile) is used to write both these
mailslot messages and a file on disk, and RTVSCAN hooks WriteFile. Each time
RTVSCAN hooks one of these events, it will increases both the CPU and the disk
I/O of the client.WORKAROUNDRTVSCAN affects SMSAPM32 CPU usage in two ways. The
workaround method depends on how RTVSCAN affects SMSAPM32 CPU
usage.
First, RTVSCAN hooks file access every time SMSAPM32 writes to
its logs (this causes the majority of the CPU usage). Regardless of the version
of NAV/SAV you use, you can eliminate the CPU usage that is related to SMSAPM32
writing to its logs. To do so, exclude the %windir%\Ms\Sms\Logs directory from
RTVSCAN scanning.
Second, RTVSCAN hooks file access every time
SMSPAM32 writes a mailslot message. To resolve this issue, upgrade to SAV 8.0
or later. SAV 8.0 has a new decomposer, named decom 3, that does not hook and
scan mailslot messages.
| Modification Type: | Minor | Last Reviewed: | 6/14/2005 |
|---|
| Keywords: | kbinterop kbClient kbinfo KB810365 |
|---|
|