Question

Memory leak on Kaspersky Security for Exchange 2003

Asked by: AstralWind

I have 8 OutProcAdapter.exe processes running on my email Server, which are in connection with Kaspersky for Exchange, that are growing at the rate of 5MB a month.  I try rebooting the Server but the memory they are using stays the same.  How can I reset this processes to recover some of the memory and prevent my system bugging down.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-09-02 at 04:44:06ID23695617
Tags

Kaspersky Lab

,

Kaspersky Security for Exchange 2003

,

5.5

Topics

Email Anti-Virus

,

Windows 2003 Server

,

Anti-Virus

Participating Experts
1
Points
500
Comments
35

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Shall i use Kaspersky!?
    Dear Experts, Good Morning or Good evening. My best greetings to all of you. I have been using Norton Anti Virus for years,until today,i am using the latest version of it,but one of my new mates has recommended "Kaspersky" to me as an Antivirus,AntiTrojan &a...
  2. Is Kaspersky a Virus in itself ?
    I setup Kaspersky on 3 different standalone systems. All 3 were connected to a major ISP. All 3 - once connected- got the Kaspersky message along the lines of " Love San is trying to access this system" Is the ISP's server infected or something...this is weird ...
  3. Kaspersky Anti-Virus - Experts Rating ?
    I am considering getting rid of my Norton Antivirus and instead start using Kaspersky, and wonder.... 1) Does anyone have any experience of using Kapersky Antivirus ? Is it any good ? 2) If using Kaspersky together with Norton Internet Security - will there be any conflict...
  4. Kasperski Internet Security and Winamp
    Upon installing Kaspersky Internet Security 7.0 (KIS) on my pc with Windows Vista Ultimate (32-bit), WinAMP 5.52 will no longer connect to the Internet for such features as XM Radio by AOL. Obviously there is some setting in KIS blocking WinAMP from connecting - yet I've bee...
  5. wmibus.exe (Kaspersky - virus Worm.Win32.Auto…
    Kaspersky keeps finding the file 'wmibus.exe' in C:\Windows\System\ folder. The Anti-Virus removes the file but it keeps popping back. Currently we are completing Windows and Office Updates in hopes that this worm stops replicating. My question is - there is not much infor...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Richard_de_grootPosted on 2008-09-04 at 11:20:56ID: 22390833

So this seems a known bug:
http://www.kaspersky.com/support/exchange/security5.5/common?qid=208279376

I saw you already tried this ;-)
http://forum.kaspersky.com/lofiversion/index.php/t80312.html

Do you have the latest build? Later than build 5.5.1354?

What does Kaspersky support say?

Richard.

 

by: Richard_de_grootPosted on 2008-09-04 at 11:52:34ID: 22391235

Maybe you can tweak some settings in the Kaspersky software for MS Exchange Server 2003.
Put it on Standard Anti-virus Protection. If you're in doubt click the button for "Restore the default settings" to make sure you have the default settings.

Attachment Scan :
You can exclude some attachements scanning and exclude zipped attachements with a higher level as 32.

Exclude files defined by mask :
*.txt, *.tx? . *.txx  
test . all files with test in it's file name

Stop scan if it takes longer than 180 seconds

Actions :
Protected and damaged objects :
Additional setings :
Number of scanning threads? Put them on three.
Number of copies of the antivirus kernel 3 bij default (Process OutProcAdapter.exe)

Max. size of objects to scan in memory 1024 KB by default.
"Enable background scan"
You can also choose to let the software stop scanning in X hours.

All above was translated from a French website. I hope this will give you some ideas how to tweak Kaspersky software. Sorry for my worse French. Have a look:
http://kb.kaspersky.fr/index.php?article=946


 

by: Richard_de_grootPosted on 2008-09-04 at 11:54:37ID: 22391265

Further more I found a critical update wich states it will remove a memory leak. Have you tried this?
http://www.kaspersky.com/support/exchange/security5.5/common?qid=208279815

This is all for now. I'm not an expert on Kaspersky but only try to help.

Hope this will help you in any way.

Kind regards,

Richard.

 

by: AstralWindPosted on 2008-09-08 at 04:41:54ID: 22416276

Thanks Richard, I need all the help I can get with this problem.

I tried those link already and workout the suggested upgrade from them and now I'm on build 5.5.1388.0 but the problem persist.

I will try your suggestion on default settings and update you with the outcome.

Thanks,

 

by: AstralWindPosted on 2008-09-09 at 05:41:25ID: 22426766

Richard,

I have tried default settings but no luck still.  I heard that I should have a Kaspersky AV 6.0 installed together with my current Exchange 5.5.  I only have Kaspersky Security for Exchange 2003 v 5.5 on my system now.  Would it be the reason I'm having this trouble now?  The manual does not mention about having 6.0 together with my exchange 5.5 as a requirement.

Any thought about this?
Thanks....

 

by: Richard_de_grootPosted on 2008-09-09 at 06:10:49ID: 22426970

I did some research at one of the few sites we have with Kaspersky and they said the same thing about V6.0. It seems that V6.0 has new capabilities that will forget your problems. You can surely try.

I have to mention though that my colleagues warned me about your DNS. You DNS/WINS should be working perfectly. If your DNS isn't correctly configured, you can have performance issues.

Can you also make sure your DNS is working correctly? If you do nslookup on your pc's? can you post the outcome?

Thanks.

 

 

by: AstralWindPosted on 2008-09-09 at 07:36:04ID: 22427817

Thanks Richard.  I am talking about 2 versions of Kaspersky one is Kaspersky Security 5.5 for Exchange Server 2003 which we have currently installed in our Email Server machine and the other is Kaspersky Anti-Virus 6.0 for Windows Servers which we don't have on our Email Server.  But what they are saying is that I must have both versions running on my Email Server.  I am quite confused which setup is right as I can't find anything in this connection on the documentation of Kaspersky Security 5.5 for Exchange Server 2003.  How about on your system do you have them both installed and running on one Email Server Machine?

Here is the output of nslookup;

C:\>nslookup
*** Can't find server name for address x.x.x.1: Non-existent domain
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address x.x.x.2: Timed out
*** Default servers are not available
Default Server:  UnKnown
Address:  x.x.x.1

 

by: Richard_de_grootPosted on 2008-09-10 at 07:54:49ID: 22438973

Hi,

make sure you have your Reverse DNS setup on your server. See:
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21673026.html

The system I'm looking at, strangely enough, didn't install V5.5. for protection against virusses on their mailboxes but they do have V6.0 installed. I'm still waiting for a reply about the complete functionality on Version 6 if it will also protect their emailboxes.

Let's try to repair your DNS first. This isn't good :-(

Richard.

 

by: AstralWindPosted on 2008-09-10 at 08:51:01ID: 22439605

Thanks Richard.  I will digest the info that I found from the link you provided and try to setup reverse DNS then let you know the outcome.

The IT company that setup our Servers talk about setting up a Reverse lookup from our ISP before.  We had a problem with AOL that time where in our emails are being rejected by AOL.  Do that differ with the DNS which is in our network which handles the computer name in our network?

 

by: Richard_de_grootPosted on 2008-09-10 at 10:59:06ID: 22441099

"Do that differ with the DNS which is in our network which handles the computer name in our network?"
That's correct. Your internal DNS is a seperate issue from the matter with AOL.

The setup of the reverse DNS is pretty simple. If I can help you with it, just let me know :-)

Richard.

 

by: Richard_de_grootPosted on 2008-09-11 at 02:00:59ID: 22447493

Another thing you can try is to exclude the Exchange directories wich holds the .edb - files. This could also be causing all your problems. See links:

Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
Exchange 2003: http://support.microsoft.com/kb/823166/
Exchange 2000: http://support.microsoft.com/kb/328841/

A general link:
http://support.microsoft.com/kb/822158/en-us

Do not worry about the exclusion of the .edb files or folders cause the realtime scanner is still there :-)

Hope this will help you.

Richard.

 

by: AstralWindPosted on 2008-09-11 at 03:07:03ID: 22447896

Hi Richard,

I am to make the reverse DNS now, but there is something I want do make sure it's clear to me, do I need to make a reverse DNS of each of my subnets?  We have a lot of remote sites, with there own subnet, which are connected and authenticated here in our main office via VPN.  So, do I need to create a reverse DNS for each of them?

 

by: Richard_de_grootPosted on 2008-09-11 at 03:15:45ID: 22447961

No, just create a B-class subnet like: 192.168.x.x. DNS will automatically make new folders with underlying subnets. If all is good there should be no more errors in your eventlogs about this missing piece in DNS ;-)

Richard.

 

by: AstralWindPosted on 2008-09-11 at 03:35:32ID: 22448129

So I need to create 2? 1 for my 10.0.0.X and my remote sites which use 192.168.X.X?

Another thing I've noticed is that not all remote client machine appeares when I browse the network from here, the Head Office.  Is it also in connection with DNS problem?

I had setup the reverse lookup for 10.0.0.x but when I try nslookup again the same message appear.  is there anything I need to do first?

 

by: Richard_de_grootPosted on 2008-09-11 at 03:40:24ID: 22448167

"So I need to create 2? 1 for my 10.0.0.X and my remote sites which use 192.168.X.X?"
Yes.

Another thing I've noticed is that not all remote client machine appeares when I browse the network from here, the Head Office.  Is it also in connection with DNS problem?
Could be. Not entirely sure but can also have something to do with your firewall, master browser service or DNS.

After you added your reverse lookup in your DNS, restart your DNS services on your server. What do you get when you type in "nslookup" on your server?

Richard.

 

by: AstralWindPosted on 2008-09-11 at 03:50:32ID: 22448230

I have restarted my DNS services, DNS Server and DNS client, and done nslookup on the server but it still said "can't find server name", "none existant domain" and "default server: unknown"

 

by: Richard_de_grootPosted on 2008-09-11 at 03:53:01ID: 22448240

Make sure you filled in your own DNS ipaddress in the NIC properties of your network card. Can you do an IP-config /all on your server and post the outcome?

Richard.

 

by: AstralWindPosted on 2008-09-11 at 03:53:57ID: 22448248

Anything that I might be missing?  

I will add the reverse DNS for the 192.168.X.X now.

 

by: AstralWindPosted on 2008-09-11 at 04:16:26ID: 22448406

Yes it got its own adress as DNS. Here it is

Windows IP Configuration

   Host Name . . . . . . . . . . . . : alabsalsvr01
   Primary Dns Suffix  . . . . . . . : alabare.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : alabare.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server
apter
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.254
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       10.0.0.2

C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 10.0.0.1: Non-existent domain
Default Server:  UnKnown
Address:  10.0.0.1

 

by: Richard_de_grootPosted on 2008-09-11 at 05:34:10ID: 22448954

What's installed on 10.0.0.2? Also DNS?

Can you post ipconfig /all from the workstations from the 10.0.0.x subnet?

Richard.

PS: What a bout the directory exclusions? Did you try in Kaspersky?

 

by: AstralWindPosted on 2008-09-11 at 05:45:35ID: 22449071

10.0.0.2 is also a DC and DNS.

Here is the result.  I have changed some of the info.

Windows IP Configuration

        Host Name . . . . . . . . . . . . : HQ-IN-DESKTOP01
        Primary Dns Suffix  . . . . . . . : alabare.local
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : alabare.local
                                            alabare.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : alabare.local
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast E
ernet NIC
        Physical Address. . . . . . . . . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.36
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : x.x.x.x
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
                                            10.0.0.2
        Lease Obtained. . . . . . . . . . : 11 September 2008 11:43:32
        Lease Expires . . . . . . . . . . : 19 September 2008 11:43:32

 

by: AstralWindPosted on 2008-09-11 at 05:48:31ID: 22449105

I haven't installed kaspersky 6.0 I have it scheduled tomorrow.  I will also uninstall and reinstall kaspersky 5.5 for exchange and see if that will make a diff.

 

by: AstralWindPosted on 2008-09-11 at 06:11:13ID: 22449370

what do you think about the ipconfig output?

 

by: Richard_de_grootPosted on 2008-09-11 at 07:00:47ID: 22449948

DC should always have a static ipaddress.
A DC should never have a DHCP address!!!!
This is far away from standards.

Why was there chosen for a domaincontroller on DHCP? Was there a special reason to it?
Why do you have two DNS servers on your local LAN? One should be enough. Any special reason for that?

Before reinstalling the products. Did you try to exclude the folders? Kill the processes and restarted the server?

Richard.

 

by: AstralWindPosted on 2008-09-11 at 07:23:46ID: 22450189

We have two DC here and both have static IP.  The physical servers both have DC and DNS Server running in them.

I think you miss took the last data I sent.  The last one is from a client PC that is why the DHCP is enabled.

I don't know about the 2 DNS the IT company set it up for us.  I don't know about special reason also in this regards.  I was just thinking that it could be for fault tolerance, would it?

Thanks alot Richard for your effort

 

by: AstralWindPosted on 2008-09-11 at 07:34:23ID: 22450315

I will install kaspersky anti-virus 6.0 tomorrow.  That is schedule I got from the management since the email will be affected they agreed for it on friday.

In Kaspersky Security 5.5 for Exchange I could not find a way to exclude a folder.  It doesn't seem to have that functionality

 

by: AstralWindPosted on 2008-09-12 at 04:20:37ID: 22458624

Hi Richard,

I tried nslookup again this morning and it did find the DNS server.  Probably it has not finished processing the settings yesterday when I've done the command.  Here is the output now;

C:\>nslookup
Default Server:  alabsalsvr01.alabare.local
Address:  10.0.0.1

 

by: Richard_de_grootPosted on 2008-09-12 at 05:28:21ID: 22459011

Ahhh GREAT. This is the way it should be :-)

Did you try this from your server? This output should also be seen on your workstation. Can you try?

Richard.

 

by: AstralWindPosted on 2008-09-12 at 05:48:46ID: 22459178

yap.... I did tried it from both and the same output.  

do I need to do anything else using nslookup to verify that it is working alright?

 

by: Richard_de_grootPosted on 2008-09-12 at 06:09:49ID: 22459373

Great!

"do I need to do anything else using nslookup to verify that it is working alright?"
Nope, should be fine like this.

Good luck on your install with Kaspersky.

 

by: AstralWindPosted on 2008-09-12 at 06:16:33ID: 22459428

Thanks Richard
I will post the result on monday... . .

thanks

 

by: AstralWindPosted on 2008-09-16 at 03:25:01ID: 22486719

Hi Richard,

I have already installed KAV 6.0 and have excluded the files you recommended.  I have checkout the processes and OutProcAdapters are still there with same memory usage.

Will turning off the anti-virus of Kaspersky for Exchange be ok in my case and let KAV6.0 take care of anti-virusing.  Disabling Kaspersky for Exchange anti-virus gets rid of the outprocadapter processes.  Any thoughts?

I was off sick yesterday and going home now I will post when I come back.

Thanks Richard

 

by: Richard_de_grootPosted on 2008-09-16 at 06:49:25ID: 22488330

Hi AstralWind,

I think if you disable your Exchange antivirus, your mailboxes will not be protected. Disabling them is maybe not an option.

Why not call support to ask the implication of turning off the Exchange option?

Hope you'll will be fine soon :-)

Richard.

 

by: AstralWindPosted on 2008-09-23 at 06:39:33ID: 22549139

Hi Richard,

I was support to post yesterday but its been a busy day.

I uninstalled the K Security and re installed it last Friday I thought it was already OK because all OutProcAdapter are just around 26MB each but I said I'll leave it for the weekend.  When I came yesterday they were back to 70+MB :-(. .. . .

Luckily they seem to have stabilized in size... .. .

Thanks alot for your help .. ..   I'll be awarding you the points. .. .

See you around.. .. . .

 

by: Richard_de_grootPosted on 2008-09-23 at 07:12:04ID: 22549515

Hi AstralWind,

It was my pleasure. Thanks for awarding me although I do not feel I helped you with a real solution. If you need anything else just let me know and I'll try to help you out as good as I can.

Have a great day.

Richard.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...