fidbox.dat is eating my hard drive!
BACKGROUND
This question is based on one I posted in the Zone Labs User Forum.
I recently installed Zone Alarm Security Suite (ZASS aka ZAISS), primarily to allow me to replace separate instances of MailFrontier and SpySweeper, which are included in the ZoneLabs product.
However, during recent fragementation checks, I have noticed extreme fragmentation on my C drive due to the fidbox.dat file. In addition, I have noticed that chkdsk when run at boot time takes a very long time to run.
I am suspecting the gargantuan, rapidly growing, excessively fragemented (tens of thousands of fragments) fidbox.dat is also the cause of this issue.
Further, I have noticed other posts in various places complaining about the large size, fragmentation, and long chkdsk times apparently caused by fidbox.dat, including one user who vigorously complained about fidbox "killing chkdsk" during phase 2
FURTHER INFO
As a result of my research, I understand that fidbox.dat is used by the Kaspersky AV which is the embedded AV product included with ZASS.
I do not need or want the Kaspersky AV, because I use NOD32 for AV. The AV function of ZASS is disabled. However, the anti-spyware function is enabled.
I would like to get rid of fidbox.dat, because it takes 4GB of space, insists on becoming horribly fragmented, and is completely useless as far as I am concerned.
In response to my post on the Zone Labs User Forum, "Oldsod" has given some procedures, based on similar procedures described in the Kaspersky forum, on how to reset the fidbox.dat file. However, these procedures do not work as the referenced services do not seem to be running.
Please advise as how to remove fidbox.dat and the related, unused Kaspersky AV component of ZASS.
This question is based on one I posted in the Zone Labs User Forum.
I recently installed Zone Alarm Security Suite (ZASS aka ZAISS), primarily to allow me to replace separate instances of MailFrontier and SpySweeper, which are included in the ZoneLabs product.
However, during recent fragementation checks, I have noticed extreme fragmentation on my C drive due to the fidbox.dat file. In addition, I have noticed that chkdsk when run at boot time takes a very long time to run.
I am suspecting the gargantuan, rapidly growing, excessively fragemented (tens of thousands of fragments) fidbox.dat is also the cause of this issue.
Further, I have noticed other posts in various places complaining about the large size, fragmentation, and long chkdsk times apparently caused by fidbox.dat, including one user who vigorously complained about fidbox "killing chkdsk" during phase 2
FURTHER INFO
As a result of my research, I understand that fidbox.dat is used by the Kaspersky AV which is the embedded AV product included with ZASS.
I do not need or want the Kaspersky AV, because I use NOD32 for AV. The AV function of ZASS is disabled. However, the anti-spyware function is enabled.
I would like to get rid of fidbox.dat, because it takes 4GB of space, insists on becoming horribly fragmented, and is completely useless as far as I am concerned.
In response to my post on the Zone Labs User Forum, "Oldsod" has given some procedures, based on similar procedures described in the Kaspersky forum, on how to reset the fidbox.dat file. However, these procedures do not work as the referenced services do not seem to be running.
Please advise as how to remove fidbox.dat and the related, unused Kaspersky AV component of ZASS.
ASKER
killbox appears to be an interesting and useful tool.
However, the problem is not purely "deleting' fidbox.dat. I probably should have mentioned that there are ways to remove fidbox.dat. For example, it can be removed from Safe Mode.
But it will immediately start regenerating. Kaspersky web site shows how to get rid of it, but warns that by doing so your computer will "slow down" during the time while it is regenerating.
The real problem is thus not to simply remove fidbox.dat, but to disable the useless mechanism that builds it. I say "useless", because the embedded KAV builds it even if it is disabled.
However, the problem is not purely "deleting' fidbox.dat. I probably should have mentioned that there are ways to remove fidbox.dat. For example, it can be removed from Safe Mode.
But it will immediately start regenerating. Kaspersky web site shows how to get rid of it, but warns that by doing so your computer will "slow down" during the time while it is regenerating.
The real problem is thus not to simply remove fidbox.dat, but to disable the useless mechanism that builds it. I say "useless", because the embedded KAV builds it even if it is disabled.
ASKER
I should also add that I have posted a question to the ZoneLabs tech support.
Have you tried this?
1. Delete the file in safe mode.
2. Create a text file named fidbox.dat at that location.
3. Reboot the machine and see what happens.
Windows file system should prevent the creation of this file by KAV because there is already a file existing on that name. That way you can get around it?
Cheers,
Rajesh
1. Delete the file in safe mode.
2. Create a text file named fidbox.dat at that location.
3. Reboot the machine and see what happens.
Windows file system should prevent the creation of this file by KAV because there is already a file existing on that name. That way you can get around it?
Cheers,
Rajesh
ASKER
Might be worth a try. Since fidbox.dat is added to constantly and grows extremely rapidly (up to several GB in a day or two), I think this would only work, if the dummy file causes the KAV iSwift function to fail and just do nothing.
Hardly seems like a robust solution. But be interesting to "see what happens." If I don't get a good answer from ZA tech support, I might give it a shot.
Hardly seems like a robust solution. But be interesting to "see what happens." If I don't get a good answer from ZA tech support, I might give it a shot.
ASKER
The following is a followup which is taken from a thread that I opened in the ZA forum:
ZA tech support had escalated my ticket. I now have the response from the higher level support -- "we are not going to fix it."
As has been surmised in this thread by Oldsod and jazzi, since ZA does not really maintain the Kaspersky AV, they just won't touch it.
Possible workarounds:
1. Keep ZASS 8 and NOD32 in place. Periodically "reset" fidbox by removing it. While this can be done from safe mode, another way I have found is to use Device Manage > View > Show Hidden Devices to temporarily disable KLIF. Then the fidbox files can be removed. Then restore KLIF. This requires two reboots, just as the Safe Mode approach, so users choice.
2. Revert NOD32 to a previous version. I have found that the problem does not occur on other systems with ZASS 8 and and older version of NOD32.
3. Revert to ZA Pro and keep NOD32. The problem does not then occur, as fidbox is not used in ZA Pro. However, the reason I upgraded to ZASS was to eliminate the need for two other products, which previously I ran: SpySweeper (anti-spyware) and MailFrontier (anti-spam). Both of those products have been bundled into ZASS in a similar way as Kaspersky AV.
Some additional rabbit holes that could be pursued:
1. Perhaps ESET, the publisher of NOD32, might have some way to fix the problem, as it does not occur with their back level version.
2. Perhaps Kaspersky would fix the issue.
I am not too happy about investing the time in either of these courses. Especially since I do not have a registered Kaspersky product. ESET has been quite responsive in the past, so I might try that approach.
ZA tech support had escalated my ticket. I now have the response from the higher level support -- "we are not going to fix it."
As has been surmised in this thread by Oldsod and jazzi, since ZA does not really maintain the Kaspersky AV, they just won't touch it.
Possible workarounds:
1. Keep ZASS 8 and NOD32 in place. Periodically "reset" fidbox by removing it. While this can be done from safe mode, another way I have found is to use Device Manage > View > Show Hidden Devices to temporarily disable KLIF. Then the fidbox files can be removed. Then restore KLIF. This requires two reboots, just as the Safe Mode approach, so users choice.
2. Revert NOD32 to a previous version. I have found that the problem does not occur on other systems with ZASS 8 and and older version of NOD32.
3. Revert to ZA Pro and keep NOD32. The problem does not then occur, as fidbox is not used in ZA Pro. However, the reason I upgraded to ZASS was to eliminate the need for two other products, which previously I ran: SpySweeper (anti-spyware) and MailFrontier (anti-spam). Both of those products have been bundled into ZASS in a similar way as Kaspersky AV.
Some additional rabbit holes that could be pursued:
1. Perhaps ESET, the publisher of NOD32, might have some way to fix the problem, as it does not occur with their back level version.
2. Perhaps Kaspersky would fix the issue.
I am not too happy about investing the time in either of these courses. Especially since I do not have a registered Kaspersky product. ESET has been quite responsive in the past, so I might try that approach.
Did you try the killbox? You should need only a single reboot.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
I don't know how that would help. The problem is not deleting the file -- that is easily done. The problem is that it immediately regenerates and grows into a huge, heavily fragmented file.
Continuously deleting it is a workaround, but not very acceptable.
Continuously deleting it is a workaround, but not very acceptable.
Well, I was mentioning as an alternative to the possible workaround's you have mentioned (number 1).
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
As such, I agree, it is a different version of the workaround.
ASKER
I finally adopted yet another approach -- disable all scanning in ZASS, and simply rely on the AV and ASpyware in NOD32. (I was not aware that NOD32 had added ASpyware scanning until looking into this issue.)
The remove-reinstall of ZASS should clean up the fidbox issue.
Unfortunately, I have also learned that the iSwift technology adds vast amounts of ObjectIDs which cannot be gotten rid of short of an OS reload. This is the issue that impacts chkdsk performance.
There are several pertinent threads on this subject in the ZA forum. I am hoping that eventually Kaspersky/Zonelabs will solve this problem as well.
The remove-reinstall of ZASS should clean up the fidbox issue.
Unfortunately, I have also learned that the iSwift technology adds vast amounts of ObjectIDs which cannot be gotten rid of short of an OS reload. This is the issue that impacts chkdsk performance.
There are several pertinent threads on this subject in the ZA forum. I am hoping that eventually Kaspersky/Zonelabs will solve this problem as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try killbox to delete it off.
Cheers,
Rajesh