search

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.9k stars 1.23k forks source link

Antivirus scanner has high CPU usage on KBFS kbfsdokan.exe #5490

Open reubenyap opened 7 years ago

reubenyap commented 7 years ago

I'm using Kaspersky Endpoint Security on Windows 10 and whenever its' enabled together with KBFS, cpu usage goes nuts with kbfsdokan.exe and Kaspersky Endpoint Security both taking up a lot of CPU until I disable Kaspersky.

Is this a known issue?

reubenyap commented 7 years ago

Also, once I pause protection it is noted that kbfsdokan cpu usage also goes back to normal.

cjb commented 7 years ago

No, thanks for the report, CC @zanderz @taru @maxtaco

cjb commented 7 years ago

Oops, I meant to CC @taruti.

taruti commented 7 years ago

@reubenyap Can you do a keybase log send when this occurs and paste the log id here?

reubenyap commented 7 years ago

OK I'll get back to this on Monday cause it's at the office. Everything becomes very unresponsive though so I'll try my best

On 20 Jan 2017 8:58 pm, "Taru Karttunen" notifications@github.com wrote:

@reubenyap https://github.com/reubenyap Can you do a keybase log send when this occurs and paste the log id here?

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/keybase/client/issues/5490#issuecomment-274066448, or mute the thread https://github.com/notifications/unsubscribe-auth/AVru3RV_pDNBQJlyc9ZMhHaLjUfwurhIks5rUK-RgaJpZM4Lo2C6 .

reubenyap commented 7 years ago

The high CPU usage still occurs even when I'm not logged in (and I wasn't even provisioned). The KBFS drive was still there though. Interestingly when I disable Kasperksy and then reenable it the problem goes away (even after provisioning). I'll troubleshoot again when I next reboot, maybe it's the order that it boots up.

reubenyap commented 7 years ago

Spoke too soon. Came back halfway.

The log id is 52bd239d2757ce930a122e1c

taruti commented 7 years ago

According to the logs the AV products runs with a different SID than you are logged in and tries to access kbfs drive in a tight loop. So it seems like to be as follows:

1) AV product access K:\ 2) KBFS deny access because non-matching SID 3) immediately goto 1.

Perhaps we could fake an empty drive in SID mismatch cases, thinking about the best solution.

reubenyap commented 7 years ago

Well the antivirus is operating under a policy enforced by company's primary server since its one of those enterprise antivirus solutions.

On 25 Jan 2017 6:17 pm, "Taru Karttunen" notifications@github.com wrote:

According to the logs the AV products runs with a different SID than you are logged in and tries to access kbfs drive in a tight loop. So it seems like to be as follows:

  1. AV product access K:\
  2. KBFS deny access because non-matching SID
  3. immediately goto 1.

Perhaps we could fake an empty drive in SID mismatch cases, thinking about the best solution.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/keybase/client/issues/5490#issuecomment-275070272, or mute the thread https://github.com/notifications/unsubscribe-auth/AVru3cePpctAoAleXPl95BMjPJZ_5vC6ks5rVyFFgaJpZM4Lo2C6 .