fmon.exe - maxing out cpu usage

Forum|Forum|17 years ago
March 16, 2009
4 replies
5107 views

Hi - I have a couple machines running FortiClient 3.0.614 with only the AV (with realtime enabled) and WebFilter features installed. I have several others installed the same way and seem to work fine. However on these two machines, the fmon.exe process is constantly maxing out the cpu and causing sluggish performance even when there are no applications running. Anyone familiar with the fmon.exe process and why it is doing this and what can be done to fix this? Thanks

vanc

New Member

You can run fmon.exe from command line and see what will be happening. It should output debug info on which files it' s scanning. First shutdown FortiClient, then lanuch a DOS window, and type in the command c:\Program Files\Fortinet\FortiClient\fmon.exe -s a_0 -d

A

Anonymous_UserAuthor

Contributor

Here is the log - what should I be looking for in here? C:\Program Files\Fortinet\FortiClient>fmon.exe -s a_0 -d process id: 4068 Id = 0 ==> Cannot open the process. Error = 87 Id = 4 ==> EnumProcessModules has failed with error 299, dwBytesReturned = 0 Id = 888 ==> Number of module : 2 ==>Begin to scan C:\WINDOWS\System32\smss.exe Id = 936 ==> Number of module : 12 ==>Begin to scan C:\WINDOWS\system32\csrss.exe ==> (0)(00000b10)(1964) Begin to scan -> Open File Handle : 0x56c -> file name : c:\windows\prefetch\fmon.exe-05435bb7.pf Id = 964 ==> Number of module : 93 ==>Begin to scan C:\WINDOWS\system32\winlogon.exe Id = 1008 ==> Number of module : 27 ==>Begin to scan C:\WINDOWS\system32\services.exe Id = 1020 ==> Number of module : 59 ==>Begin to scan C:\WINDOWS\system32\lsass.exe Id = 1188 ==> Number of module : 50 ==>Begin to scan C:\WINDOWS\system32\svchost.exe Id = 1852 ==> Number of module : 42 ==>Begin to scan C:\WINDOWS\system32\svchost.exe Id = 1964 ==> Number of module : 157 ==>Begin to scan C:\WINDOWS\System32\svchost.exe Id = 220 ==> Number of module : 32 ==>Begin to scan C:\WINDOWS\System32\svchost.exe Id = 404 ==> Number of module : 44 ==>Begin to scan C:\WINDOWS\System32\svchost.exe Id = 676 ==> Number of module : 88 ==>Begin to scan C:\WINDOWS\system32\spoolsv.exe Id = 1204 ==> Number of module : 18 ==>Begin to scan C:\Program Files\USERS\Services\DSAdmin.exe Id = 1372 ==> Number of module : 31 ==>Begin to scan C:\Program Files\Esker\Common\eslcbcst.exe Id = 1404 ==> Number of module : 33 ==>Begin to scan C:\Program Files\Java\jre6\bin\jqs.exe Id = 1468 ==> Number of module : 30 ==>Begin to scan C:\WINDOWS\System32\svchost.exe Id = 1488 ==> Number of module : 17 ==>Begin to scan C:\Program Files\NetScaler\Netscaler Secure Remote Access\nsver ctl.exe Id = 1500 ==> Number of module : 38 ==>Begin to scan C:\WINDOWS\system32\nvsvc32.exe Id = 1512 ==> Number of module : 30 ==>Begin to scan C:\WINDOWS\System32\svchost.exe Id = 256 ==> Number of module : 123 ==>Begin to scan C:\WINDOWS\Explorer.EXE Id = 624 ==> Number of module : 33 ==>Begin to scan C:\WINDOWS\system32\hkcmd.exe Id = 632 ==> Number of module : 15 ==>Begin to scan C:\WINDOWS\BCMSMMSG.exe Id = 1632 ==> Number of module : 20 ==>Begin to scan C:\Program Files\Java\jre6\bin\jusched.exe Id = 1828 ==> Number of module : 29 ==>Begin to scan C:\WINDOWS\system32\RUNDLL32.EXE Id = 2052 ==> Number of module : 23 ==>Begin to scan C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe Id = 2140 ==> Number of module : 25 ==>Begin to scan C:\WINDOWS\system32\ctfmon.exe Id = 2512 ==> Number of module : 33 ==>Begin to scan C:\WINDOWS\System32\alg.exe Id = 3036 ==> Number of module : 43 ==>Begin to scan C:\Program Files\NetScaler\Netscaler Secure Remote Access\nsloa d.exe Id = 3868 ==> Number of module : 129 ==>Begin to scan C:\Program Files\Internet Explorer\iexplore.exe Id = 3928 ==> Number of module : 23 ==>Begin to scan C:\WINDOWS\system32\cmd.exe Id = 4068 ==> Number of module : 45 ==>Begin to scan C:\Program Files\Fortinet\FortiClient\fmon.exe Process scanning ended. ==> (1)(80000b11)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\bin\client\classes.jsa ==> (2)(80000b12)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\windows\system32\setupapi.dll ==> (3)(80000b13)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\content-types.properties ==> (4)(80000b14)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\deploy.jar ==> (5)(80000b15)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\fontconfig.bfc ==> (7)(80000b17)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\javaws.jar ==> (8)(80000b18)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\logging.properties ==> (9)(80000b19)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\meta-index ==> (10)(80000b1a)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\net.properties ==> (11)(80000b1b)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\plugin.jar ==> (12)(80000b1c)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\resources.jar ==> (13)(80000b1d)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\rt.jar ==> (14)(80000b1e)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\security\cacerts ==> (15)(80000b1f)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\security\java.policy ==> (16)(80000b20)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\security\java.security ==> (17)(80000b21)(1404) Begin to scan -> Open File Handle : 0x588 -> file name : c:\program files\java\jre6\lib\security\javaws.policy ==> (18)(80000b22)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\lib\tzmappings ==> (19)(80000b23)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\lib\zi\gmt ==> (0)(80000b24)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\awt.dll ==> (1)(80000b25)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\client\jvm.dll ==> (2)(80000b26)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\dcpr.dll ==> (3)(80000b27)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\deploy.dll ==> (4)(80000b28)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\fontmanager.dll ==> (5)(80000b29)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\hpi.dll ==> (6)(80000b2a)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\java.dll ==> (7)(80000b2b)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\java.exe ==> (8)(80000b2c)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\jp2native.dll ==> (9)(80000b2d)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\jpeg.dll ==> (10)(80000b2e)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\msvcr71.dll ==> (11)(80000b2f)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\net.dll ==> (12)(80000b30)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\nio.dll ==> (13)(80000b31)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\regutils.dll ==> (14)(80000b32)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\verify.dll ==> (15)(80000b33)(1404) Begin to scan -> Open File Handle : 0x57c -> file name : c:\program files\java\jre6\bin\zip.dll ==> (16)(80000b34)(964) Begin to scan -> Open File Handle : 0x5cc -> file name : c:\windows\system32\msctf.dll

vanc

New Member

It looks normal to me. That' s strange. You can also use ProcessExplorer to check which files are still open in fmon.exe process when the high CPU usage persists.

AKrause

New Member

Same problem here. Support said, it is no known issue... We removed FC AV-component and use another AV-vendor with FortiClient-VPN. regards, Andreas

vanc

New Member

Probably you can try FortiClient 4.0. The AntiVirus performance is much better due to its more aggressive caching mechanism. The up-coming 4.0 patch-1 will be due very soon (next week). Give it a spin and see how it perform for you. Personally, I have been running FortiClient AV for several years. It' s not perfect (do we know any perfect AV product?), but it' s becoming better and better.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded