WFPDIAG.etl activity


10 replies to this topic

#1 Texdude


Posted 07 July 2011 - 07:59 AM

Hi all,
Just wiped my computer and reinstalled everything. Noticed that there was constant hard disk activity due to some continuous program reads and traced it back to process wfpdiag.etl (which I understand to be the built in windows firewall event trace log). Since I only had a couple of programs loaded so far, it was easy for me to determine the cause. Once the MBAM program was shut down, the excessive hdd reads were eliminated. Has anyone else noticed this same problem?

I'm using W7 Professional 32-bit, if it matters.

#2 daledoc1


Posted 07 July 2011 - 08:01 AM

Hello and welcome, texdude:

What AV are you running?

Is this a company computer, by any chance?

daledoc1

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 Texdude


Posted 07 July 2011 - 08:23 AM

I'm running Avast for AV and no, not a company computer.
Thanks.

#4 daledoc1


Posted 07 July 2011 - 08:30 AM

OK, thanks for the info.
And we will assume you aren't infected, as this is a new OS install.

Let's start with the easiest step first, which is to set up the reciprocal exclusions for Avast and MBAM.

Sometimes, it's helpful to first cleanly uninstall MBAM, and then reinstall it with Avast temporarily disabled, then set the exclusions, and then re-enable Avast.

But let's see if this doesn't fix it first, with both programs already installed, as it will save a couple of steps.

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus 6 (Free, Pro and Internet Security):

  • Open Avast! antivirus and click on REAL-TIME SHIELDS on the left
  • Click on File System Shield on the left and click on Expert Settings
  • Click the Exclusions section
  • Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
  • In the Select the areas window click on the + next to C:
  • Click the + next to Program Files (Note: For 64-bit Windows versions this will be Program Files (x86))
  • Click the box next to Malwarebytes' Anti-Malware and click on OK
  • Click OK again
  • Click on Web Shield on the left and click Expert Settings
  • Click on Exclusions and check the box next to URLs to exclude:
  • Type or copy/paste the following address:

    *.mbamupdates.com
  • Click on OK

    Also, for Avast! Internet Security:
  • Click on Behavior Shield on the left and click Expert Settings
  • Click on Trusted Processes
  • Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
  • Navigate to C:\Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open (Note: For 64-bit Windows versions this will be Program Files (x86))
  • Do the same for the following files:

    • mbamgui.exe
    • mbamservice.exe
  • Click on OK
  • Close Avast! antivirus


Set Exclusions for Avast! Antivirus Free, Pro and Internet Security in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click on the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on avast software and click on OK
  • Close Malwarebytes' Anti-Malware

EDIT: I'd probably reboot at least once for good measure after doing this.
;)

Please let us know how it goes,

Thanks!

daledoc1



#5 daledoc1


Posted 07 July 2011 - 09:15 AM

Hi, again, texdude:

I'm going offline for a while.
Don't want to leave you dangling...

So, if what I suggested earlier doesn't work, then I would try the following, using the information in that earlier post for steps #6 and #8.

Please post back with the results, either way.
If none of this works, then another member or expert will be more than happy to assist you. :)

MBAM Clean Re-installation Instructions:

NOTE: You need to be logged in as an administrator.

1. Download and run mbam-clean.exe from here.
Note: It will ask to restart your computer; please allow it to do so -- very important!
2. After the computer restarts, temporarily disable your Anti-Virus (AV) and install the latest version of Malwarebytes' Anti-Malware from here. (Note: Ignore any promos or ads for other software/products at the mirror sites; and there is no fee to download MBAM Free.)
Note: You will need to reactivate the program using the license you were sent via email, if you are using the PRO version.
3. Launch MBAM (and set the Protection and Registration, if you are using the PRO version).
4. Go to the UPDATE tab, if not done during installation, and check for updates.
5. Restart the computer again (and, if you are using the PRO version, verify that the MBAM icon is in the system tray).
6. Set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications. You may use the guides posted in the FAQs here, or ask and we'll explain how to do it. (Specific steps depend on the AntiVirus software vendor & version, and on your computer's OS).
7. Restart your Anti-Virus/Internet-Security applications.
8. Add the program folder(s) for your AV and FW to MBAM's "Ignore List". (Let us know if you need help with this.)
9. Set up your scheduled updates & scheduled scans (this only applies to the PRO version). Scheduler help is available here.
10. Run an MBAM Quick Scan.

Hope this helps,

daledoc1



#6 Texdude


Posted 07 July 2011 - 09:25 AM

Ok, followed your instructions and added exclusions to Avast & MBAM (then rebooted), but there is still data being read consistently from the hdd disk according to resource monitor. The only file doing the read is wfpdiag.etl, and when I shut down mbam it goes away. Perhaps it's normal activity and I can somehow eliminate the wfpdiag file?

Thanks!

#7 Texdude


Posted 07 July 2011 - 10:00 AM

Ok, took your last advice about uninstall then reinstall mbam - but resource monitor still showing some disk activity. I'm guessing that it may be easier now to just start from scratch and go back to a clean install of W7 OS. I'll install one app at a time until I figure out where the disk activity originates (ugh). I plan to install OS first, then MBAM, then Avast to see if it makes a difference. I'll post in this forum later what happens.

Regards.

#8 Texdude


Posted 07 July 2011 - 02:41 PM

Ok, I did a clean install of W7 OS with no other software installed (no AV installed) and there is still some thrashing of the hard drive for WFPDIAG.etl. I did add exceptions to the windows firewall for mbam.exe, mbamservice.exe, and mbamgui.exe. I'll keep trying different solutions but if I can't find one then I'll probably just uninstall and move on...

#9 daledoc1


Posted 07 July 2011 - 07:55 PM

Hi, texdude:

Sorry you're still having problems.

I'm just a home user and am not sure what to suggest next.

Please don't give up -- we will await input from someone more expert than I. :)

In the interim, if you prefer, you could open a help desk ticket by sending an email to support@malwarebytes.org. They will provide one-on-one assistance.
(If you opt for this, please post back here and let us know, so the mods can lock this thread.)

Thanks very much for your patience,

daledoc1



#10 ksiemb


Posted 08 July 2011 - 08:21 AM

> Hi all,
> Just wiped my computer and reinstalled everything. Noticed that there was constant hard disk activity due to some continuous program reads and traced it back to process wfpdiag.etl (which I understand to be the built in windows firewall event trace log). Since I only had a couple of programs loaded so far, it was easy for me to determine the cause. Once the MBAM program was shut down, the excessive hdd reads were eliminated. Has anyone else noticed this same problem?
>
> I'm using W7 Professional 32-bit, if it matters.


This may be of interest: Win7 Firewall
Feel free to ignore my input. I am just another user!

#11 Mainard


Posted 08 July 2011 - 06:30 PM

Hello Texdude,

I was able to replicate this issue and sent it over to the developers. Will keep you posted. If you have any questions please feel free to ask.

If you are already being assisted via email support, please let me know.

Thank you.
Grant Gardiner
Software Development Engineer in Test
