The machine is Windows 7 ultimate x64 - new built less than 2 weeks ago - up to date with windows updates and basically just running office, firefox and eset protection. 10:50:25 AM ESET Kernel Virus signature database successfully updated to version 7222 (20120614). 4:50:20 AM Update module Error downloading file from update server NT AUTHORITY\SYSTEM 6:59:57 AM Update module Error downloading file from update server NT AUTHORITY\SYSTEM 9:14:30 AM ESET Kernel Virus signature database successfully updated to version 7224 (20120615). From the initial antivirus update (around 100mb) we receive the error, Modules update failed. Translation support module: 1064P (20120427) we started using ESET Endpoint Antivirus in our organization. Real-time file system protection module: 1006 (20110921) Rebooting fixed the problem, but I can't expect users to reboot every couple of days - they just DON'T DO IT. I quit all firefox windows (the biggest memory hog) - and tried again - same problem. Since Windows Update is working as desired, I decided to disable this "medic" service until its disk hammering is fixed. I just had the oddest thing - endpoint antivirus failed to update - twice - it complained that it was unable to allocate memory, while task manager showed only 5Gb of 8Gb of physical memory was allocated. Even more importantly, I have over 500 GB free on my system drive! Checking the disk free space is very fast (not recursive), so ideally the plugin should notice that cleanup is not necessary and skip expensive calculations. More importantly, this approach will spend a lot of time worrying about the size of things that can't be automatically cleaned up - I could purge my Gradle caches if I needed space, but Windows doesn't know that and can't know what's dispensable in general. Also, some of these checks are redundant - the size of the Windows apps folder is already included in the size of Program Files.
My user profile folder contains a lot of small files in moderately deep directory hierarchies, so this is very slow. It calculates and logs the total size of each of several directories: Speculation aside, the disassembly of CollectCommonDiskInformation makes the problem very clear. A "disk cleanup" plugin might make sure that a reasonable amount of space is free on the system drive and invoke cleanup of dispensable files if not. I speculate that each plugin is supposed to check for and try to resolve a different issue that might interfere with Windows Update functionality. SedPlugins.dll holds "sedimentation" plugins (?), which I imagine is some kind of internal project codename. The calls to PluginDetectCondition and DetectCondition are both indirect. The update medic service seems to be very modular, capable of hosting different plugins. Disassembling and obtaining symbols with IDA 7, the offending call stack seems to be (more recent calls last): WaaSMedicAgent.exe: PluginAction The only thread that appeared active during the disk usage had a stack including both WaaSMedicAgent.exe (as expected) and SedPlugins.dll. With Sysinternals Process Explorer I saw that the process accessed all kinds of files deep in my user profile, virtually none of which should have anything to do with Windows Update. Since this was hindering my machine's performance I spent a little time looking into what exactly it was doing. After a recent large Windows update I noticed that "WaasMedic Agent Exe", hosting the "Windows Update Medic Service", regularly caused 100% disk usage for over an hour at a time.