100% Disk Usage

  • 1
  • Problem
  • Updated 4 weeks ago
  • In Progress
  • (Edited)
100% Disk Usage

Problem: High disk usage using Trend MicroTM Antivirus+ 2018, 100% for many minutes at a time intermittently on Win10, Dell unusable during these periods, not associated with any TM scan.

Dell Inspiron.
GCRF-I660-3042BK.
Win10.
TM version: 12.0.1226.

Attempted solution:

  Found no 3rd party programs to remove.

  Uninstalled TM with supporttool.

  Ran Remnant File Remover Tool.
  
  No help.

Observation: It appears CoreServiceShell.exe is (read) hammering my pagefile.

Attempted workarounds: Adjusted pagefile to various sizes including auto.

None of the above helped at all.

Successful workaround: Disabled pagefile. (Enabled, disabled several times to prove cause and effect to be clear.)

Questions: 

  01)
  Are you aware that pagefile can be a problem?

  02)
  Do you have a fix in progress?
  
  03)
  Would you like to provide me a TM debug version to help you gather data and troubleshoot?
  
Thanks. Chip.
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb

Posted 1 month ago

  • 1
Photo of TM_X

TM_X, Official Rep

  • 856 Points 500 badge 2x thumb
Hi ircil56

Welcome to Trend Micro Community! 

The CoreServiceShell.exe shouldn't occupy 100% of the disk. Would you please replicate the process on your end and post a screenshot of the disk utilization here? 

Also, for us to verify this, may I know if you are referring to the pagefile.sys? If so, how did you alter its size? 

Thank you and we'll be waiting for your response! :) 


Trend Micro Home Users Community 
Photo of dianechris343

dianechris343

  • 120 Points 100 badge 2x thumb
MY  COVERAGE IS NOT EXPIRED-- FIX THE DAM PROBLEM OR I WANT MY MONEY BACK NOW!!!
Photo of TM_Ian

TM_Ian, Employee

  • 3,696 Points 3k badge 2x thumb
Hi dianechris343,

We have already sent a reply on your post. Please check.

Thank you!

Trend Micro Home Users Community 
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
I assume pagefile.sys. 
Here is how I changed it:

Control panel.
Advanced system settings.
Advanced.
Settings.
Advanced.
Virtual memory.
Change.

All options tried:

Auto.

Custom size.
  2000 - 12000.
  
System managed.

No paging.

See screenshots following.
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0000 Pagefile
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0001 Task - Soon After Boot
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb

0002 Resource - Soon After Boot
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0003 Task After Overnight
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0004 Resource After Overnight
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0005 Task After Chrome Page
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb


0006 Resource After Chrome Page
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
I found that Trend and the PC were fine for several day even with the pagefile back on auto.

But then I accessed a web page using Chrome and the PC was at 100% disk usage for 5+ mins. (See above screenshots).

https://cosmicpunk.bandcamp.com/track/too-much

Pagefile was at the top of the Resource Monitor list and being hit hard by CoreServiceShell.exe.

I could not reproduce the problem by simply accessing the web page again.

Perhaps if I experiment I can reproduce the problem, but that seems like more of a TM function.
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 15,642 Points 10k badge 2x thumb
Hi ircil56

Would you try this setting and see if that helps.




Kind regards,
Tom
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
Hi Tom, I have made the change in TM settings from Balanced Protection to Extra Security and have rebooted.

May I ask, what are the details of the theory are you looking to pursue with this setting experiment? Thanks. Chip.
(Edited)
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 15,642 Points 10k badge 2x thumb
Hi ircil56

This way TM is at the beginning of the startup, so other  drivers and services ar started after TM.

Hope this worked for you.

Kind regards,
Tom
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
What is it about the different sequence of events that you think will make a significant difference exactly? Can you describe a scenario where something goes wrong vs. a scenario where TM is able to function properly? You are welcome to provide as much detail as you want. Thanks. Chip.
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 15,642 Points 10k badge 2x thumb
Hi ircil56

I Betatest for a long time for TM (about 20 years) and when I once had similar problems this was asked by a TM employee to try this and that worked. That is why I advise people to do this more often. But to get an answer to which programs and in which order you will have to ask a TM Tech. Have you already had contact with a TM tech? Usually they can help you if you use the diagnostic toolkit to reproduce the error while the toolkit is on debug and a debug file is created. The last time I had a problem a TM tech logged in with me and solved the problem nicely.
Good luck.

Kind regards,
Tom
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
Got it thanks.

No one has said anything about using a diagnostic toolkit. I'd be happy to run that. Is is something I can do on my own and attach the results for review or do I need TM to deliver it to me?
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 15,642 Points 10k badge 2x thumb
Hi ircil56

It is in your TM programs map!
Can do several things with it.
run "Suporttool" and it is there!
Good luck, i go to my bed ;)

Kind regards,
Tom
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
OK great, I have started collecting data with the Diag Toolkit. It may take a while for the problem to occur again. TM_Josephine, how do I PM you these logs so as not to expose personal info to the forum? Thanks. Chip.
(Edited)
Photo of TM_X

TM_X, Official Rep

  • 856 Points 500 badge 2x thumb
Hi ircil56

Thank you for taking the time in replicating the process and sending us the screenshots. Please send us the logs as a reply to the email that I sent you. Thank you in advance!

Thanks to you, Tom Emmelot! You've been very helpful! :) 

Trend Micro Home Users Community  
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
Done.
Photo of Max Slo

Max Slo

  • 4,288 Points 4k badge 2x thumb
-I'm not a Trend Micro representative, but I like to give you some suggestion-

Hi Ircil56,

1- what I see is that there are a lot of .msp running, so Trend Micro is running (and requiring resource) to check at them!

You have a very lot of msp that are upgrading a lot of program files via the Microsoft Installer. 

This is why you have a lot of load on your HDD.

I think it is not related to Trend Micro issue, just wait that these updates ends. 

:)

2- What is your PC installed RAM? Some time after boot all seems to be normal except for the pagefile sys. No needs to investigate on others. 
Set a Virtaul Memory using the RAMx2,5 rule in both minimum and maximum, or leave it at default. 

3- Delete all the files located in %TEMP% and TEMP folders.

4- If a service named Prefetch (services.msc) exist, stop and disable it. 

5- Reboot and check. 

Be sure to complete all the running updates before! 

Be sure to have free space on drive to manage the pagefile sys!!!!!!!!!

How many application are you using? Check at startup under msc or task manager. This maybe a simple... RAM full 'problem', not a really issue.
 Disable unused programs to run booting windows. 

What is, some time after boot, the RAM percentage? It will skyp to pagefile reaching approx 80%. If you reach this easily, so you have too much apps ruuning... 

Are you sure your system is rootkit-virus free? Scan using HouseCall if needed. 

Check and paste screenshots of latest Application Log under Event Viewer if you want, it may helps

ALTERNATIVE: How many HDD do you have in that PC? Try to locate the pagefile  file on another drive, if you have another drive to do so. Disable it on Windows Drive and set it on another.  :)
(Edited)
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
Virtual memory? In Win10, is that the same as automatically managing paging?
Photo of Max Slo

Max Slo

  • 4,288 Points 4k badge 2x thumb
-I'm not a Trend Micro representative, but I like to give you some suggestion-

Yes, rootkit protection is OK. HouseCall may be a good idea to check the system if Trend Micro program is corrupted in some way. 

RAM is 8G but the amount of RAM used in idle conditions? 

Honestly I have few ideas: 
- infection
- RAM malfunction (so the system seems to be afflicted cause it switches to use Virtual Memory too easy. In this codition all is slow cause obviously Virtual Memory is not so fast...)
- Too much RAM is used also in normal conditions

Application and System logs may be very helpful. 
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
Not sure exactly what idle means here, but currently 3.5/7.9 GB RAM with my typical apps running.
(Edited)
Photo of Max Slo

Max Slo

  • 4,288 Points 4k badge 2x thumb
Send me your Application and System logs, if you want (and if TM will not ban me...)  
aeroplanino78 et gmail.com
:)
(Event Viewer, open Apllication and save, the same with System).
You will have 2 x EVTX files.
(Edited)
Photo of ircil56

ircil56

  • 390 Points 250 badge 2x thumb
I disabled Superfetch in January, 2018, no help.
(Edited)