locked
new Process not Running immediately, suspended for e.g. 6 minutes RRS feed

  • Question

  • Hi, everyone,<o:p></o:p>

    I'm developing for a Company in Austria where on a customer Installation we have the Problem that when starting a new
    process (c#, assembly) sometimes (about 1 time per 200 starts I think ) the process doesn't come into running state for a long time ( about 6 minutes ) and then runs as usual. The program runs in a domain Network, client machines with windows7 32bit.<o:p></o:p>

    I've seen that the process seems to be loaded but I saw it stayed in kernel mode. 

    Symantec Endpoint Protection is running on the machines.<o:p></o:p>

    Can this be due to running in a domain (some rights Management Problems) or Virus scanner? The problem isn't easy to reproduce, so far we could log only one occurrence.<o:p></o:p>

    How can we detect who is responsible for this behavior, what can be the reason, how could it be resolved?<o:p></o:p>

    <o:p> </o:p>

    Andreas

    Friday, May 20, 2016 6:37 AM

All replies

  • Can this be due to running in a domain (some rights Management Problems) or Virus scanner?

    I'd suspect the virus scanner software.

    The problem isn't easy to reproduce, so far we could log only one occurrence.

    All you can do is to try (and try again) without the suspected culprit
    and see if it goes away.

    How can we detect who is responsible for this behavior, what can be the reason, how could it be resolved?

    Without having a good guess as to the culprit and how it works you'll
    be flailing wildly.

    I'd suspect occasionally the AV is doing some network lookup that's
    timing out - but that's just a wild guess!

    Dave

    Friday, May 20, 2016 9:34 AM
  • thx's Dave,

    I suspect this too, unfortunately we don't have control over customer domain Network, therfore I think about to make some Memory dump of the process if I can detect this hanging. But I don't know if the launching program has enough rights to do this and if the process is already visible.

    Andreas

    Monday, May 23, 2016 7:55 AM
  • >... therfore I think about to make some Memory dump of the process if I can detect this hanging.

    Assuming you could do that, what are you thinking it might show you? I
    suspect whatever's holding things up might not be easy to identify.

    I think the most expedient course of action would be to ask the
    customer to conduct some tests on their system with a machine without
    the AV and see if it ever occurs (within the realms of how infrequent
    it already is).

    Other than that, try the AV product in your own environment - but that
    may be ineffective if you can't repro it because the issue only shows
    up in the customer's infrastructure.

    Another course of action, would be to monitor for network traffic on
    the affected system - but that presumes you have some idea what to
    look for.

    Dave

    Monday, May 23, 2016 10:33 AM