Kaspersky KIS 2015 "avp.exe" hogging clockcycles; e-mail reception slows to trickle

[BonzaiDuck]

I have two family members living with me here: Moms will have her 90th birthday in a few days; my brother has a crippling illness and can no longer work. They both worry me with their e-mail and web-browsing habits.

Their machines are C2D-era Wolfdale systems. Bro often leaves his Outlook browser open while allowing the system to sleep, then hibernate. Moms is Publishers' Clearinghouse and health-quack web-site obsessive.

We'd just updated their Kaspersky to 2015 in January with a 5-PC license I bought from a reputable reseller [download and e-mailed activation key].

I began to notice that Bro's system -- with E8600 CPU -- would get choked up with KIS's AVP.exe hogging 99% CPU usage. Restarting the system would make it behave normally again, but the problem would reoccur. I've uninstalled then re-installed KIS 2015. Last week, I finally decided to mothball Bro's old Wolfdale, which I replaced with an i5-3570K system, freshly installed OS and software -- including KIS.

Today, I found the same thing happening with Mom's system: CPU usage pegging at 100% from avp.exe. I was now able to identify how or when the problem emerges: each family-member favors an e-mail account from different ISPs, while our overall internet access is provided by one of the two.

Spam and other mail may pile up before they open Outlook and download it. The "receiving" process seems to get stuck, at which point KIS avp.exe is hogging all the clock-cycles.

KIS had always had good reviews, and we've been using it for more than eight years. Even so, a recent comparison at PC Magazine seems to show that it's "still a contender," with criticisms focused mostly on pricing.

Does anyone have some insight into this problem? I've yet to install the KIS 2015 on my two desktop systems, but I did install it on my laptop, which so far shows no trouble.

And I'm wondering if there isn't some "virus going around," so that KIS might be not only preventing the download, but stalling the overall e-mail reception process in Outlook.

 

[Ketchup]

Interesting. I ran a trial of it on the rig in my sig late last year, and didn't have any issues. One thing I didn't care for was that I didn't find a way to "cut it down." I'll admit that I didn't look super hard, but I noticed that it would not let me disable the Firefox extensions as well (this was simply going into Add-ons screen and trying the disable option).

So my advice would be to try doing what I couldn't - try to install it with the AV only and see if that makes a difference.

I am curious though - if you run a full scan on the affected machines, does it find anything?

 

[BonzaiDuck]

Interesting. I ran a trial of it on the rig in my sig late last year, and didn't have any issues. One thing I didn't care for was that I didn't find a way to "cut it down." I'll admit that I didn't look super hard, but I noticed that it would not let me disable the Firefox extensions as well (this was simply going into Add-ons screen and trying the disable option).

So my advice would be to try doing what I couldn't - try to install it with the AV only and see if that makes a difference.

I am curious though - if you run a full scan on the affected machines, does it find anything?

No -- it never did. I had tentative suspicions that the configuration was the source of the trouble, when it may have been scanning all the network drives for which Bro's computer didn't have access. If the server is protected with its own AV and firewall, there would be no need, and KIS can be tweaked to avoid scanning "removable" and network drives.

The other thing I noticed: the default "Scan" configuration had "My e-mail" unchecked, while KIS was otherwise configured to scan all incoming and outgoing e-mail.

I could certainty try turning off the KIS firewall and using that of Windows itself.

As for Outlook. It can be configured to either download messages from the ISP mail server, or to leave the mails there. The problem with spam and similar drivel: it complicates your need to maintain local copies of "important" stuff -- like your monthly e-mailed utility bill.

I'll get back to this thread later after I check to see if "Maintenance" I'd done has eliminated the problem with the clock cycles. It's just odd that the problem seems to occur on two old C2D Wolfdale systems, but there's no evidence of it on my two SB-K systems. As for Bro's new IB-K replacement, like I said -- I'm about ready to check via Remote Desktop.

Wrong time of the morning to disturb Bro by entering his room to look at his PC directly.

And -- "PS" -- We've gone through a reconfiguration of the LAN here, taking all the systems out of "Homegroup" and expunging HomeGroup from everything. I wouldn't know for sure if this might have had something to do with it, and it doesn't even seem intuitive to me that there's anything about the changeover that would affect either web access or e-mails.

 

[John Connor]

I have never bought an anti-virus product. Currently I use Bitdefender Free and it seems pretty good. It's cloud based and if you run across a website with malware Bitdefender will stop you from loading the page and ask if you want to load the page anyway.

As for a firewall Comodo firewall is what I have used. I can't use their latest as you don't have the option of not installing the Defense Shield upon install. I can't use the Defense Shield because it messes with my Alcohol 120% virtual drive. Even if I disable the Defense Shield. It's the install that adds something or does something. I've been meaning to mention this on the Comodo forum.


You should have your mom and Bro use sandboxie in the browser for added protection. This is what I have for my parents. I have them use Pale Moon and installed NoScrip. But I disabled NoScript which still offers basic protection. But since they run the browser in Sandboxie and have Bitdefender installed I figured I'd lessen the cumbersomeness. When I had NoScrip on by default and even allowing base 2nd level domains by default it was still cumbersome and I always had to show them how to temporally allow scripts. But like I said disabling NoScrip allows scripts, but still offers XSS protection, etc.

On top of all that I have them use OpenDNS which is handed out via the router.

 

[BonzaiDuck]

I have never bought an anti-virus product. Currently I use Bitdefender Free and it seems pretty good. It's cloud based and if you run across a website with malware Bitdefender will stop you from loading the page and ask if you want to load the page anyway.

As for a firewall Comodo firewall is what I have used. I can't use their latest as you don't have the option of not installing the Defense Shield upon install. I can't use the Defense Shield because it messes with my Alcohol 120% virtual drive. Even if I disable the Defense Shield. It's the install that adds something or does something. I've been meaning to mention this on the Comodo forum.


You should have your mom and Bro use sandboxie in the browser for added protection. This is what I have for my parents. I have them use Pale Moon and installed NoScrip. But I disabled NoScript which still offers basic protection. But since they run the browser in Sandboxie and have Bitdefender installed I figured I'd lessen the cumbersomeness. When I had NoScrip on by default and even allowing base 2nd level domains by default it was still cumbersome and I always had to show them how to temporally allow scripts. But like I said disabling NoScrip allows scripts, but still offers XSS protection, etc.

On top of all that I have them use OpenDNS which is handed out via the router.

That's all pretty good if you were able to manage it. I've been able to keep my systems malware-free for decades -- or so I think. Around 1994, in a government office "inside the Beltway," somebody from the "Deputy Under-secretary for Management's" office handed me a floppy disk with data I needed, and my office system was promptly infected with the "Stoned" virus. I had it cleaned up in 2-hours' time, but it was a "heads-up." I was moonlighting for teaching nights at a local university in IT-related fields; my Asian students would return from China after the Xmas holidays, and there'd be a sudden infection from two types of viruses -- biological and digital. I got flu shots annually; and I had our lab computers locked down with every precautionary procedure I could think of.

After that, I'd retired and had an old friend from high-school who'd "stayed local" pursuing a career as a sheriff's deputy in a neighboring county. That was around 2003, when I got an e-mail from his "county" which seemed obvious for being a viral proliferation. Simple deduction led me to conclude that it had picked up my e-mail address from his contacts list: he was still employed with his county as a gun-range instructor. When I contacted him, the response was "H-e-l-l-ppp! My computer is infected!" So -- we cleaned up his KLEZ infction.

Norton-Symantec -- about that time -- was leaving its body parts in the registries of computers when you tried to remove it, and the version at that time was also hogging clock cycles. So trial and error led me to KIS.

I'd like to get robust security "for free," but I can't afford to experiment with a household of five workstations and a server. So -- instead of renewing directly with Kaspersky, I shop for OEM and valid download licenses, such as one might find at BuyCheapSoftware.com.

With the 5-pc license, the price was less than $50 and that's about $10-per-workstation per year. The server is protected with ESET NOD32 in the middle of a 2-year license.

I was able to check Bro's system this morning, and it all looks tip-top. Unfortunately, I also discovered that The Win7 Home Premium install I used for his new system doesn't permit access with Remote Desktop from one of the "Pro" systems. And now, I fear if I "Upgrade" it to his original "Pro" version, the telephone solution to re-activation won't work because the system is already registered with the Home Premium. It appears that "Anytime Upgrade" has evaporated, although I should be able to "Upgrade" with another virgin OEM "Pro" install. An unpleasant expense, though.

But that's another problem. Pushing the fam-damn-ily to Win 8.1 is not an option now. As anyone can guess, older folks (and even I) aren't particularly eager to embrace "change." And if I go that route or "Windows 10," it has to be the whole household together with the server OS.

Back to topic: Anyone has further observations about this e-mail/Kaspersky anomaly -- please post. The problem seems to have disappeared for now, but in a digital context, that's no assurance of anything.

And "off-topic" again with a "PS:" I'll post my questions about "VNC" or "RealVNC" on the appropriate forum, but any observations about THAT are also welcome here.

 

[KeithP]

You are using their "internet security" product not just the basic anti virus software correct? You might try removing KIS and installing just the basic av software trial to see if the problem persists (as ketchup79 mentioned).

I am not a fan of any company's full blown security suites. It seems these suites frequently cause problems with all the protections they try and put in place. Protections that are often of questionable value.

You could also try turning off various features of KIS until you find the feature that is causing the problem. Then, depending on what it is, you can either just leave it off or, if you feel it is important, do more trouble shooting.

-KeithP

 

[BonzaiDuck]

You are using their "internet security" product not just the basic anti virus software correct? You might try removing KIS and installing just the basic av software trial to see if the problem persists (as ketchup79 mentioned).

I am not a fan of any company's full blown security suites. It seems these suites frequently cause problems with all the protections they try and put in place. Protections that are often of questionable value.

You could also try turning off various features of KIS until you find the feature that is causing the problem. Then, depending on what it is, you can either just leave it off or, if you feel it is important, do more trouble shooting.

-KeithP

This is all good advice -- and I'd probably offer the same, barring less uncertainty and more knowledge about the actual problem.

I'm unashamed in offering a plug for an outfit with robust software and good tech-support. Let me explain.

Just after I posted my lengthy response to John Conner today, I created a support ticket at the Kaspersky web-site seeking "guidance."

That was only a few hours ago. 15 minutes ago, I checked my e-mail inbox to find "more than an automated response," and from an actual tech-support rep.

Apparently, they are "all over" this problem of the AVP.EXE module hogging CPU usage and clock cycles -- like flies on shit -- like maggots on a dead bunny -- like white on rice . . . They've already been working on the solution.

There MAY be a patch available for the KIS 2015 version, but they're unsure exactly when it would be ready. The 2016 version will have resolved the problem, but won't be released until mid to late summer this year.

THE IMMEDIATE SOLUTION: Uninstall KIS 2015 and install KIS 2014. The 2014 installation will tell you of a "new version" (2015) and ask if you want to download it. At that point, you skip the new version. The malware-database and same-version program updates should then be initiated and allowed to complete. If during the 2015 uninstall, one chose to "keep the licensing information," the 2015 license (in my case, for 5 PCs) applies to the 2014 version, and all is wonderful.

Truth be told, I'm not sure what to think anymore. Some Russian company develops and markets this security program, and then incorporates in the USA. The Russians and Israelis had always been a bit "at odds," but it was an Israeli IT-security-evaluation firm that had touted KIS performance when I first started using it.

And it boils down to this: Before I switched from Symantec to KIS, I tested some five different security suites. I've become comfortable with KIS, and except for this "AVP.EXE 99%" problem, it had always been robust. And -- boiling down to the thickest sauce of all -- old farts like myself don't embrace change so easily. After what I've been through in project after project for the last several months, I don't want to be speed-testing AV-firewall programs in sequence until I find another that floats my boat.

But KIS 2014? It floats. And so does their tech-support. Saves me a lot of trouble, with all this!

And I'll be candid. I told the tech-rep I was going to post this here on the thread I started. It helps the users -- it helps Kaspersky -- and they've helped me for some eight years.

UPDATE: I'm often given to using 1,000 words when 50 will do. For those folks who are Kaspersky users, however disgruntled you may be at the current bug in the 2015 version that causes AVP.EXE to peg at 100% CPU Usage under certain activities, I'm pretty sure now that version 15.0.1.415 does not contain the bug or the problems that result from it. The culprit is version 15.0.2.361. This might mean that dropping back to version 2014 is less than necessary, if you either have version 15.0.1 or you can find the download for it. KIS tech-support -- the individual with whom I had correspondence -- may not have known precisely which 2015 version was "good" and which was "bad." The safest thing to do, therefore, would be to choose the 2014 release.

Ultimately, there would be no difference in protection between last year's and this year's version. Kaspersky offers version updates to any licensed user in the middle of their subscription period. Anyone whose license doesn't run out by summer's end can expect free upgrade to the 2016 version.

 

[Ryland]

I had been running KAV 2015 and found that it would take thunderbird quite a long time to download an email. My company switched to Avast and now emails download in a second or two. I had this problem since KAV 2014 so its not a specific version issue.

 

[bononos]

I have two family members living with me here: Moms will have her 90th birthday in a few days; my brother has a crippling illness and can no longer work. They both worry me with their e-mail and web-browsing habits.

Their machines are C2D-era Wolfdale systems. Bro often leaves his Outlook browser open while allowing the system to sleep, then hibernate. Moms is Publishers' Clearinghouse and health-quack web-site obsessive.
.......

Have you considered installing a linux if all they do is web browsing/videos and use a word processor occasionally?
I had to change the root password because my dad is unable to suss out phishing scams in his email. Got locked out of his email twice because of it but he's more wary now I think.

 

[lxskllr]

Have you considered installing a linux if all they do is web browsing/videos and use a word processor occasionally?
I had to change the root password because my dad is unable to suss out phishing scams in his email. Got locked out of his email twice because of it but he's more wary now I think.

That's what I did on my mother's machine, and it foiled a manual 'Windows Support' phone scam. A/V software can't do that.