Microsoft Security Essentials scan time

WAY too fast

19 replies to this topic

#1 fivealive

    Elite Member

  • Honorary Members
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 29 March 2012 - 09:30 AM

So I turned my computer on and I told MSE to update and run a scan, and I noticed after 2 minutes it had burned through almost 250,000 files. Generally a scan takes about 13 minutes to complete for my computer; it's now doing it in half the time, which is great, but it concerns me why it's doing it so fast when nothing on the computer has changed.

#2 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 29 March 2012 - 10:20 AM

Hello fivealive,

One wonders if the MSE scan engine would have been "souped up" via a very recent update. If I were you, I'd be posing your question on the MS Answers forum for MS Security Essentials
http://answers.micro...rotect_scanning
The "regulars" there may have a better clue.
Cheers.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#3 goldhound

    Forum Deity

  • Spam Hunters
  • 2,300 posts
  • Gender:Male
  • Location:Canada

Posted 29 March 2012 - 10:28 AM

I also see MSE taking under a minute to do a quick scan on my (fairly new) win 7 laptop. Concerned me a bit.
MBAM Paid edition

#4 fivealive

Posted 29 March 2012 - 12:05 PM

I was running a full scan. I will admit I generally don't watch the scan, but I took longer than normal to close the program, so as I went to close it I noticed how quickly it was burning through the files.

The computer is like 4 months old; got it back in December. Maurice, you could be correct; I had just updated the program.

#5 David H. Lipman

    Forum Deity

  • Experts
  • 4,256 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 29 March 2012 - 12:22 PM

It is possible, and I don't know this for a fact, that MSE whitelisted files that were scanned and proved to be original Microsoft OS files. Subsequent scans then "skipped" these files as they had not changed since the last scan.
David H. Lipman
DLipman@Verizon.Net

#6 Maurice Naggar

Posted 29 March 2012 - 12:46 PM

@fivealive & goldhound
What are your version details on MSE?

Here is mine
Security Essentials Version: 2.1.1116.0
Antimalware Client Version: 3.0.8402.0
Engine version: 1.1.8202.0
Antivirus definition: 1.123.664.0
Antispyware definition: 1.123.664.0

On an old Compaq laptop, Win XP (2 GB RAM) a quick scan with MSE took about 9 minutes.

#7 fivealive

Posted 29 March 2012 - 02:02 PM

My version details are as follows:

Security Essentials Version: 2.1.1116.0
Antimalware Client Version: 3.0.8402.0
Engine Version: 1.1.8202.0
Antivirus definition: 1.123.664.0
Antispyware definition: 1.123.664.0
Network Inspection System Engine Version: 2.0.8001.0
Network Inspection System Definition Version: 11.0.0.0

#8 Maurice Naggar

Posted 29 March 2012 - 02:56 PM

You are current, then.

Per "rhab" on MS Answers, the version #s I listed are the current ones (at the current time).
In addition, he provides the following resources.
Antimalware Engine Notifications
http://blogs.technet...0-mar-2012.aspx
Antimalware Engine 1.1.8202.0 is released to all Microsoft Security Essentials and Forefront Client Security, Forefront Endpoint Protection, Windows Intune Endpoint Protection customers on 20 Mar 2012. Signature package 1.123.0.0 is the first that contains this engine.


Microsoft Malware Protection Center-Definition Change Log
http://www.microsoft...s/WhatsNew.aspx

#9 goldhound

Posted 29 March 2012 - 03:02 PM

My version is identical to fivealive's.

#10 fivealive

Posted 29 March 2012 - 03:18 PM

Thanks for the answers to MSE questions.

Now to figure out what the rundll32.exe is for.

Right clicking on it and clicking on show services in Task Manager tells me nothing.

#11 exile360

    exile

  • Administrators
  • 16,017 posts
  • Gender:Male

Posted 29 March 2012 - 03:27 PM

You can use a tool such as tasklist.exe (command line tool built into Windows) to see what modules are loaded under rundll32.exe. It is an application used for running DLLs as processes (executables) and is an essential system component.

For info on how to use tasklist, just open a command prompt (START, then type cmd and press Enter) and type tasklist /? and press Enter.
Samuel E Lindsey
Product Manager


#12 David H. Lipman

Posted 29 March 2012 - 03:28 PM

Dynamic Link Libraries (DLL files) are executables that have a series of functions. There are a few ways they are loaded...

1. An EXE file calls a routine from that DLL and the EXE will load that DLL into memory and use said routines.

2. Register the DLL into the system, such as: regsvr32.exe mydllname.dll

3. Run the DLL by loading RUNDLL32.EXE and load the DLL routine, such as: rundll32 mydllname.dll,myroutine

RUNDLL32.EXE is a legitimate OS file and is found in c:\windows\system32. If RUNDLL32.EXE is executed from a different location, it is probably malware.

#13 Maurice Naggar

Posted 29 March 2012 - 03:29 PM

Why are you looking at rundll32? It is a "component" of Windows.
When you open Task Manager, you may see Rundll32.exe entry in the Processes tab. Or, you may see it elsewhere.
Rundll32.exe is a valid system file which executes a DLL.

#14 fivealive

Posted 29 March 2012 - 04:06 PM

I was curious about what it is and I've been checking out all the processes in Task Manager trying to learn about them. I'm curious about it is all (and probably a bit paranoid).

#15 exile360

Posted 29 March 2012 - 04:22 PM

Well, infections (and MANY other programs) can certainly use rundll32 in order to execute, but that doesn't make rundll32.exe in and of itself a risk. You can actually learn a lot about how it works by looking at the modules loaded under its process (as described by myself and David above). I just don't recommend trying to terminate anything or unload any modules, but there's certainly no harm in looking.

#16 fivealive

Posted 29 March 2012 - 04:26 PM

Yeah, I have no intention of stopping the process since I don't know what was running it. But the best way to learn is to go digging and looking.

#17 fivealive

Posted 30 March 2012 - 06:37 AM

So I ran tasklist and this is what I found:


rundll32.exe 1492 ntdll.dll, kernel32.dll, KERNELBASE.dll,
USER32.dll, GDI32.dll, LPK.dll, USP10.dll,
msvcrt.dll, imagehlp.dll, IMM32.DLL,
MSCTF.dll, nvinitx.dll, ADVAPI32.dll,
sechost.dll, RPCRT4.dll, shell32.dll,
SHLWAPI.dll, uxtheme.dll, dwmapi.dll,
ole32.dll, CRYPTBASE.dll, CLBCatQ.DLL,
OLEAUT32.dll, CRYPTSP.dll, rsaenh.dll,
RpcRtRemote.dll, actxprxy.dll, comctl32.dll


No clue what any of it means.

#18 exile360

Posted 30 March 2012 - 12:43 PM

Well, all of those DLLs are loaded by RunDLL32.exe. If you wish, you may do some research as to what each file is. I suggest using a search engine, though not all results will be reliable (some sites simply say that any file you search for is or could be an infection, even when the file you're searching for is a perfectly safe system file).

The following sites are reputable and will let you know info about each DLL, and if a file is listed, that means that a file by that name exists within a default installation of the operating system:

Windows 7 DLL File Information
Windows XP DLL File Information

#19 fivealive

Posted 30 March 2012 - 12:45 PM

Alright, thanks. I did create a dump file of it here.

Edit: can't upload since it's too big.

#20 fivealive

Posted 30 March 2012 - 12:53 PM

So here's a list of DLL files that aren't listed on that site:

nvinitx.dll

And doing a search for the file on my computer and opening up its properties brings up the digital signature as belonging to NVIDIA, which makes sense since one of my graphics cards is an NVIDIA card.

Thanks for all the help, exile. I'm learning quite a bit by doing this. Thank you.
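
The two checks made by hand in this thread, rundll32.exe's location (post #12) and the signer of each loaded module (post #20), as an added PowerShell example that is not part of any post. The SysWOW64 path (the 32-bit copy on 64-bit Windows) and the `O=Microsoft Corporation` subject match are assumptions of this example, not something stated in the thread.

```powershell
# Added example (not from the thread). Needs PowerShell 3.0+ for Get-CimInstance;
# run elevated to see processes owned by other accounts.
$expected = @(
    (Join-Path $env:windir 'System32\rundll32.exe'),
    (Join-Path $env:windir 'SysWOW64\rundll32.exe')   # assumption: 32-bit copy on 64-bit Windows
)

Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $proc = $_

    # Check 1: is the image where the OS keeps it?
    if (-not $proc.ExecutablePath) {
        $location = 'path not readable (try an elevated prompt)'
    } elseif ($expected -contains $proc.ExecutablePath) {
        $location = 'expected location'
    } else {
        $location = 'UNEXPECTED LOCATION'
    }
    'PID {0}  {1}  [{2}]' -f $proc.ProcessId, $proc.ExecutablePath, $location
    # The command line names the DLL and routine rundll32 was asked to run.
    '  command line: {0}' -f $proc.CommandLine

    # Check 2: report every loaded module that is not validly signed by Microsoft.
    $modules = (Get-Process -Id $proc.ProcessId -ErrorAction SilentlyContinue).Modules
    foreach ($m in $modules) {
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        } else {
            $signer = '(no signer)'
        }
        # Assumption: Microsoft's signing certificates carry this organisation field.
        if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
            '  review: {0}  status={1}  signer={2}' -f $m.FileName, $sig.Status, $signer
        }
    }
}
```

A "review" line is a prompt to look closer, not a verdict: a validly signed third-party module, such as a graphics driver component, will be listed with its vendor as signer. Files signed only through a Windows catalog can show as NotSigned on older Windows and PowerShell versions.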



