Texdude

WFPDIAG.etl activity

11 posts in this topic

Hi all,

Just wiped my computer and reinstalled everything. Noticed that there was constant hard disk activity due to some continuous program reads and traced it back to process wfpdiag.etl (which I understand to be the built in windows firewall event trace log). Since I only had a couple of programs loaded so far, it was easy for me to determine the cause. Once the MBAM program was shut down, the excessive hdd reads were eliminated. Has anyone else noticed this same problem?

I'm using W7 Professional 32-bit, if it matters.

Share this post


Link to post
Share on other sites

Hello and welcome, texdude:

What AV are you running?

Is this a company computer, by any chance?

daledoc1

Share this post


Link to post
Share on other sites

I'm running Avast for AV and no, not a company computer.

Thanks.

Share this post


Link to post
Share on other sites

OK, thanks for the info.

And we will assume you aren't infected, as this is a new OS install.

Let's start with the easiest step first, which is to set up the reciprocal exclusions for Avast and MBAM.

sometimes, it's helpful to first cleanly uninstall MBAM, and then reinstall it with Avast temporarily disabled, then set the exclusions, and then re-enable Avast.

But let's see if this doesn't fix it first, with both programs already installed, as it will save a couple of steps.

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus 6 (Free, Pro and Internet Security):

  • Open Avast! antivirus and click on REAL-TIME SHIELDS on the left
  • Click on File System Shield on the left and click on Expert Settings
  • Click the Exclusions section
  • Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
  • In the Select the areas window click on the + next to C:
  • Click the + next to Program Files Note: For 64 bit Windows versions this will be Program Files (x86)
  • Click the box next to Malwarebytes' Anti-Malware and click on OK
  • Click OK again
  • Click on Web Shield on the left and click Expert Settings
  • Click on Exclusions and check the box next to URLs to exclude:
  • Type or copy/paste the following address:
    *.mbamupdates.com
  • Click on OK
    Also, for Avast! Internet Security:
  • Click on Behavior Shield on the left and click Expert Settings
  • Click on Trusted Processes
  • Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
  • Navigate to C:Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)
  • Do the same for the following files:
    • mbamgui.exe
    • mbamservice.exe

    [*]Click on OK

    [*]Close Avast! antivirus

Set Exclusions for Avast! Antivirus Free, Pro and Internet Security in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click on the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on avast software and click on OK
  • Close Malwarebytes' Anti-Malware

EDIT: I'd probably reboot at least once for good measure after doing this. ;)

Please let us know how it goes,

Thanks!

daledoc1

Share this post


Link to post
Share on other sites

Hi, again, texdude:

I'm going offline for a while.

Don't want to leave you dangling...

So, if what I suggested earlier doesn't work, then I would try the following, using the information in that earlier post for steps #6 and #8.

Please post back with the results, either way.

If none of this works, then another member or expert will be more than happy to assist you. :)

MBAM Clean Re-installation Instructions:

NOTE: You need to be logged in as an administrator.

1. Download and run mbam-clean.exe from here.

Note:It will ask to restart your computer; please allow it to do so -- very important!

2. After the computer restarts, temporarily disable your Anti-Virus (AV) and install the latest version of Malwarebytes' Anti-Malware from here. (Note: Ignore any promos or ads for other software/products at the mirror sites; and there is no fee to download MBAM Free.)

Note: You will need to reactivate the program using the license you were sent via email, if you are using the PRO version.

3. Launch MBAM (and set the Protection and Registration, if you are using the PRO version).

4. Go to the UPDATE tab, if not done during installation, and check for updates.

5. Restart the computer again (and, if you are using the PRO version, verify that the MBAM icon is in the system tray).

6. Set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications. You may use the guides posted in the FAQs here, or ask and we'll explain how to do it. (Specific steps depend on the AntiVirus software vendor & version, and on your computer's OS).

7. Restart your Anti-Virus/Internet-Security applications.

8. Add the program folder(s) for your AV and FW to MBAM's "Ignore List".(Let us know if you need help with this.)

9. Set up your scheduled updates & scheduled scans (this only applies to the PRO version). Scheduler help is available here.

10. Run an MBAM Quick Scan.

Hope this helps,

daledoc1

Share this post


Link to post
Share on other sites

Ok, followed your instructions and added exclusions to Avast & MBAM (then rebooted), but there is still data being read consistently from the hdd disk according to resource monitor. The only file doing the read is wfpdiag.etl, and when I shut down mbam it goes away. Perhaps it's normal activity and I can somehow eliminate the wfpdiag file?

Thanks!

Share this post


Link to post
Share on other sites

Ok, took your last advice about uninstall then reinstall mbam - but resource monitor still showing some disk activity. I'm guessing that it may be easier now to just start from scratch and go back to a clean install of W7 OS. I'll install one app at a time until I figure out where the disk activity originates (ugh). I plan to install OS first, then MBAM, then Avast to see if it makes a difference. I'll post in this forum later what happens.

Regards.

Share this post


Link to post
Share on other sites

Ok, I did a clean install of W7 OS with no other software installed (no AV installed) and there is still some thrashing of the hard drive for WFPDIAG.etl. I did add exceptions to the windows firewall for mbam.exe, mbamservice.exe, and mbamgui.exe. I'll keep trying different solutions but if I can't find one then I'll probably just uninstall and move on...

Share this post


Link to post
Share on other sites

Hi, texdude:

Sorry you're still having problems.

I'm just a home user and am not sure what to suggest next.

Please don't give up -- we will await input from someone more expert than I. :)

In the interim, if you prefer, you could open a help desk ticket by sending an email to support@malwarebytes.org. They will provide one-on-one assistance.

(If you opt for this, please post back here and let us know, so the mods can lock this thread.)

Thanks very much for your patience,

daledoc1

Share this post


Link to post
Share on other sites

Hi all,

Just wiped my computer and reinstalled everything. Noticed that there was constant hard disk activity due to some continuous program reads and traced it back to process wfpdiag.etl (which I understand to be the built in windows firewall event trace log). Since I only had a couple of programs loaded so far, it was easy for me to determine the cause. Once the MBAM program was shut down, the excessive hdd reads were eliminated. Has anyone else noticed this same problem?

I'm using W7 Professional 32-bit, if it matters.

This may be of interest: Win7 Firewall

Share this post


Link to post
Share on other sites

Hello Texdude,

I was able to replicate this issue and sent it over to the developers. Will keep you posted. If you have any questions please feel free to ask.

If you are already being assisted via the email support. Please let me know.

Thank you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.