Question

Trend Micro Worry Free causing System process (PID 4) to hog CPU cycles

Asked by: JAStillwell

Hello,

We have a Windows SBS 2003 network in our own office. The server also runs Trend Micro Worry Free Business Security Advanced v5.1 Build 1142 with two client computers attached (one wired Windows XP Pro, one wireless Windows Vista Business). Both computers exhibit a problem where the CPU cycles reach close to 100%, and both show "System" with a PID 4 hogging the cycles (JPG picture attached). This can occur for a couple minutes up to several hours, where the computer's CPU runs high and you can hear the fans spinning as fast as they can. Both computers are free of viruses and spyware as scans from Trend, and several other antivirus and anti-spyware utilities have shown.

Troubleshooting running processes and applications has led me to remove the Trend client from one computer, then both computers. Both computers stop running high CPU cycles with Trend removed and then System PID 4 starts grabbing CPU cycles almost immediately when re-installing the Trend client. Also, there are no scheduled scans set to run when the computers login, so Trend is not running a scan when the CPU cycles are high.

Besides looking for a newer version of Trend WFBS to install, or dumping Trend and installing something else, does anyone have any suggestions on how to solve this? We have numerous clients using Trend WFBS and nobody has reported this problem. Searching the web, I find no mention of it either. I can't possibly be the only one with this issue, can I? Am I being fooled by the CPU calming down when the Trend client is removed?

The system just calmed down before I ran HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:24 PM, on 3/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbs:24554/sites/dcc/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.autotask.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2685176A-3502-47BB-B91D-BD28CA2A06A0} (vb6project_Test.AT_ActiveX_Test) - https://www.autotask.net/Public/BrowserDetect/AT_ActiveX_Test.CAB
O16 - DPF: {2F30081A-076B-4BD4-A6B7-566B9AF33EE5} (ATQB_Connect.AutotaskToQB) - https://www.autotask.net/billing/invoices/electronic_transfer/ATQB_Connect.CAB
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://idea-central:4343/officescan/console/html/AtxEnc.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbs/ConnectComputer/nshelp.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://idea-central:4343/officescan/console/html/AtxConsole.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} (Encrypt Class) - https://server:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://sbs:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED3C} (Security Server Management Console) - https://sbs:4343/SMB/console/html/root/AtxConsole.cab
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} (Security Server Management Console) - https://sbs:4343/SMB/console/html/root/AtxConsole.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://idea-central:4343/officescan/console/html/AtxPie.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://server:4343/SMB/console/html/root/AtxConsole.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DigitalCorral.local
O17 - HKLM\Software\..\Telephony: DomainName = DigitalCorral.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DigitalCorral.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Advanced Monitoring Agent - Remote Monitoring - C:\PROGRA~1\ADVANC~1\winagent.exe
O23 - Service: Advanced Monitoring AutoUpdate - Unknown owner - C:\PROGRA~1\ADVANC~1\updater.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - Unknown owner - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate1c8fa2d86440862) (gupdate1c8fa2d86440862) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - Unknown owner - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

--
End of file - 11006 bytes


Thanks for your insight!

Jeff

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-03-14 at 12:46:46ID24230717
Tags

Trend Micro

,

Worry Free

,

Windows

,

Vista

,

XP

,

slow

,

high CPU

Topics

Desktop Anti-Virus

,

Server Anti-Virus

Participating Experts
6
Points
500
Comments
20

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Logfile of Trend Micro HijackThis v2.0.2
    HELP This is my log file IE6 stuck and hangs at white screen - Would appreciate help THanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:57:49 AM, on 10/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode...
  2. HijackThis Log
    Below is a HijackThis log of a computer that was infected by spyware. I cleaned it up but it still is running slow. I am wondering if it is fully clean. Thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:20:09 PM, on 2/13/2008 Platform: Windows XP SP2 (WinNT...
  3. Unable to update Trend Micro or any other program
    I was recently doing some work on my personal desktop computer when I realized my antivirus software is out of date. I attempted to manually update however, the software reported that it was unable to connect to the update server. I was also unable to access windows update. E...
  4. Analyze Trend Micro Hijack Log
    I have a pretty good idea of what needs to be remove here, but I would like some input before I go deleting. Thanks! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:25:56 AM, on 7/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (...
  5. Hijackthis Log
    I am new to hijackthis and am hopign someone can tell me what should be removed from this list. Thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:51:41 PM, on 7/16/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: soundguymikePosted on 2009-03-16 at 11:35:01ID: 23900857

Just had a similar problem with trend micro officescan and our domain controller.
Try disabling the trend micro firewall.

 

by: JAStillwellPosted on 2009-03-16 at 11:45:47ID: 23900971

Soundguymike: I assume you mean to disable it on the main server console so the setting gets dished out to each workstation? Just want to make sure I'm following your instructions correctly.

 

by: JAStillwellPosted on 2009-03-16 at 12:09:08ID: 23901204

Soundguymike: I just checked our settings and the Trend firewall is not active on the server or the desktops.

Any other thoughts?

 

by: suppsawsPosted on 2009-04-02 at 01:18:39ID: 24047553

We have the same problem here ...
Updated to the latest version (5.1), still the same problem.
Although we don't have the problem on all clients (different locations).
I'me not 100% sure, but I don't think XP machines have that problem.
Trendmicro doesn't give us solutions .... .

 

by: JAStillwellPosted on 2009-04-02 at 05:33:55ID: 24048947

I have the same problem with version 3.6 and 5.1. Both on XP Pro and Vista Business. I can stop the problem if I unload the Trend client. Very frustrating!

Anyone else have any ideas what's up?

 

by: suppsawsPosted on 2009-04-03 at 02:10:55ID: 24057952

I found the solution!
you need to uninstall the 'Altiris' software from the HP machines.

 

by: JAStillwellPosted on 2009-04-03 at 06:36:18ID: 24059753

Suppsaws: I'm glad that works for you, but I have HP and Dell computers that show the same problem. Plus the HP doesn't have the Altiris software installed. Guess I'll have to keep searching for a solution!

 

by: carehartPosted on 2009-04-14 at 10:46:43ID: 24140738

@JAStillwell, I notice your list of running processes includes Diskeeper. I experienced the same problem (pid 4, the system process, using high CPU). As soon as I stopped the Diskeeper service, the problem went away. Let us know if that solves it for you.

 

by: JAStillwellPosted on 2009-04-14 at 10:52:09ID: 24140777

Carehart: I just noticed that about 10 minutes ago on my laptop and thought "I wonder if Diskeeper is causing a problem?". Weird. However, I have two computers (one Vista and one XP Pro) and only one of them has Diskeeper running on it (the Vista machine), however, both have the System PID 4 high cpu problem.

In my previous troubleshooting, I compared the installed software on both, pared down to the bare minimum on both, and narrowed the issue down to Trend Micro Worry Free client software. I can replicate the problem by installing or uninstalling the Trend client software 100% of the time. It would be nice to know what it is doing or what it is conflicting with. If I had Diskeeper installed on both, I would be excited by your idea, but oh well...back to the drawing board.

:)

 

by: carehartPosted on 2009-04-14 at 12:01:41ID: 24141361

Well, it's just that both do background operations that are nearly constantly running, it would seem.  I don't run TM, but looking at its site, it seems a security solution. DK is of course a full-time disk defrag solution. Both clearly have the goal of doing their job all the time. Now, it's interesting, I'm running DK 2009, and one of its features is "InvisiTasking", so that it should not be using resources heavily while I am, but it just hasn't proven to work out as expected, obviously.

As for your challenge, I guess you want to know what specifically TM is doing that is taking resources. We'll have to leave that for others.

 

by: JAStillwellPosted on 2009-04-21 at 09:16:51ID: 24196088

I replaced the Trend client with AVG Free edition on one of the computers (laptop running Vista Business on the domain). So far, no System PID 4 100% CPU usage.

What's odd to me is that with as popular as Trend is in corporate environments that I would be one of just a couple people having this issue. I'm not running really weird apps. Things like QuickBooks 2007, Microsoft Office 2007, IE7, Firefox. The only odd one I can think of that's consistent across both computers is RoboForm for password management.

 

by: JAStillwellPosted on 2009-05-25 at 11:33:04ID: 24467983

I setup a new HP EliteBook 8530w running Windows 7 RC. Running Trend WFBS v5 client with no issues thus far. I would like to know why we have had problems with the older, slower Windows Vista Business and Windows XP Pro computers, though.

 

by: BMAREDTAGPosted on 2009-06-24 at 05:47:54ID: 24700485

Hi,

Update below registry. this will solve the issue

rgd,

abhi


Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmevtmgr]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmactmon]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TMBMServer]
"Start"=dword:00000004

 

by: JAStillwellPosted on 2009-06-24 at 11:06:42ID: 24703875

We just got a possible solution from BMAREDTAG, so please don't delete this thread!

 

by: JAStillwellPosted on 2009-06-26 at 11:01:27ID: 24723360

Abhi,

I made those registry adjustments and System (PID 4) is still using anywhere from 25% to 65% of the CPU at any given time. The computer is not using 100% of the CPU cycles, but it's using more than it should as the computer I am trying this on is not actively being used.

I'll keep monitoring to see if the CPU usage slows down.

Jeff

 

by: soundguymikePosted on 2009-07-11 at 15:57:55ID: 24832498

The way that i fixed it was actually quite simple all i had to do was to delete the database on the server and let each computer re register when it logs in. To do this

from the trendmicro note : EN-1034943

1.On the OfficeScan server, stop the OfficeScan Master Service.
2.Open the \PCCSRV\HTTPDB folder then move its contents to a temporary folder.
3.Start the OfficeScan Master Service
4.Restart the OfficeScanNT Listener service on the client, or restart the computer.
5.Open the management console then verify if the client now appears correctly.

 

by: JAStillwellPosted on 2009-07-25 at 15:28:00ID: 24943386

SoundsGuyMike,

I just had a chance to try this. Hopefully it works!

Thanks,

Jeff

 

by: woodmousePosted on 2009-08-27 at 00:54:55ID: 25195521

I have uninstalled the Symantec Virtualization Agent on my HP desktops... and ever since, my problem have disappeared.
On HP laptops this software was not installed, so I deducted this into uninstalling this on my desktops - which did solve my problem.

Symantec Virtualization Agent = Altiris SVS

 

by: ificouldfPosted on 2010-05-19 at 06:51:37ID: 32799278

I try to delete database but system process still gets high cpu. If I disable or uninstall client agent cpu usage goes down, but after reboot or enabled system process takes cpu again. I get the problem only in Windows 7 Business, XP or Vista works without problem.

PD:I update worry free server to last version.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...