Not applicable
Created on 03-16-2009 09:49 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fmon.exe - maxing out cpu usage
Hi - I have a couple machines running FortiClient 3.0.614 with only the AV (with realtime enabled) and WebFilter features installed. I have several others installed the same way and seem to work fine. However on these two machines, the fmon.exe process is constantly maxing out the cpu and causing sluggish performance even when there are no applications running. Anyone familiar with the fmon.exe process and why it is doing this and what can be done to fix this?
Thanks
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can run fmon.exe from command line and see what will be happening. It should output debug info on which files it' s scanning.
First shutdown FortiClient, then lanuch a DOS window, and type in the command
c:\Program Files\Fortinet\FortiClient\fmon.exe -s a_0 -d
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the log - what should I be looking for in here?
C:\Program Files\Fortinet\FortiClient>fmon.exe -s a_0 -d
process id: 4068
Id = 0
==> Cannot open the process. Error = 87
Id = 4
==> EnumProcessModules has failed with error 299, dwBytesReturned = 0
Id = 888
==> Number of module : 2
==>Begin to scan C:\WINDOWS\System32\smss.exe
Id = 936
==> Number of module : 12
==>Begin to scan C:\WINDOWS\system32\csrss.exe
==> (0)(00000b10)(1964) Begin to scan
-> Open File Handle : 0x56c
-> file name : c:\windows\prefetch\fmon.exe-05435bb7.pf
Id = 964
==> Number of module : 93
==>Begin to scan C:\WINDOWS\system32\winlogon.exe
Id = 1008
==> Number of module : 27
==>Begin to scan C:\WINDOWS\system32\services.exe
Id = 1020
==> Number of module : 59
==>Begin to scan C:\WINDOWS\system32\lsass.exe
Id = 1188
==> Number of module : 50
==>Begin to scan C:\WINDOWS\system32\svchost.exe
Id = 1852
==> Number of module : 42
==>Begin to scan C:\WINDOWS\system32\svchost.exe
Id = 1964
==> Number of module : 157
==>Begin to scan C:\WINDOWS\System32\svchost.exe
Id = 220
==> Number of module : 32
==>Begin to scan C:\WINDOWS\System32\svchost.exe
Id = 404
==> Number of module : 44
==>Begin to scan C:\WINDOWS\System32\svchost.exe
Id = 676
==> Number of module : 88
==>Begin to scan C:\WINDOWS\system32\spoolsv.exe
Id = 1204
==> Number of module : 18
==>Begin to scan C:\Program Files\USERS\Services\DSAdmin.exe
Id = 1372
==> Number of module : 31
==>Begin to scan C:\Program Files\Esker\Common\eslcbcst.exe
Id = 1404
==> Number of module : 33
==>Begin to scan C:\Program Files\Java\jre6\bin\jqs.exe
Id = 1468
==> Number of module : 30
==>Begin to scan C:\WINDOWS\System32\svchost.exe
Id = 1488
==> Number of module : 17
==>Begin to scan C:\Program Files\NetScaler\Netscaler Secure Remote Access\nsver
ctl.exe
Id = 1500
==> Number of module : 38
==>Begin to scan C:\WINDOWS\system32\nvsvc32.exe
Id = 1512
==> Number of module : 30
==>Begin to scan C:\WINDOWS\System32\svchost.exe
Id = 256
==> Number of module : 123
==>Begin to scan C:\WINDOWS\Explorer.EXE
Id = 624
==> Number of module : 33
==>Begin to scan C:\WINDOWS\system32\hkcmd.exe
Id = 632
==> Number of module : 15
==>Begin to scan C:\WINDOWS\BCMSMMSG.exe
Id = 1632
==> Number of module : 20
==>Begin to scan C:\Program Files\Java\jre6\bin\jusched.exe
Id = 1828
==> Number of module : 29
==>Begin to scan C:\WINDOWS\system32\RUNDLL32.EXE
Id = 2052
==> Number of module : 23
==>Begin to scan C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
Id = 2140
==> Number of module : 25
==>Begin to scan C:\WINDOWS\system32\ctfmon.exe
Id = 2512
==> Number of module : 33
==>Begin to scan C:\WINDOWS\System32\alg.exe
Id = 3036
==> Number of module : 43
==>Begin to scan C:\Program Files\NetScaler\Netscaler Secure Remote Access\nsloa
d.exe
Id = 3868
==> Number of module : 129
==>Begin to scan C:\Program Files\Internet Explorer\iexplore.exe
Id = 3928
==> Number of module : 23
==>Begin to scan C:\WINDOWS\system32\cmd.exe
Id = 4068
==> Number of module : 45
==>Begin to scan C:\Program Files\Fortinet\FortiClient\fmon.exe
Process scanning ended.
==> (1)(80000b11)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\bin\client\classes.jsa
==> (2)(80000b12)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\windows\system32\setupapi.dll
==> (3)(80000b13)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\content-types.properties
==> (4)(80000b14)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\deploy.jar
==> (5)(80000b15)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\fontconfig.bfc
==> (7)(80000b17)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\javaws.jar
==> (8)(80000b18)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\logging.properties
==> (9)(80000b19)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\meta-index
==> (10)(80000b1a)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\net.properties
==> (11)(80000b1b)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\plugin.jar
==> (12)(80000b1c)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\resources.jar
==> (13)(80000b1d)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\rt.jar
==> (14)(80000b1e)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\security\cacerts
==> (15)(80000b1f)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\security\java.policy
==> (16)(80000b20)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\security\java.security
==> (17)(80000b21)(1404) Begin to scan
-> Open File Handle : 0x588
-> file name : c:\program files\java\jre6\lib\security\javaws.policy
==> (18)(80000b22)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\lib\tzmappings
==> (19)(80000b23)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\lib\zi\gmt
==> (0)(80000b24)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\awt.dll
==> (1)(80000b25)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\client\jvm.dll
==> (2)(80000b26)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\dcpr.dll
==> (3)(80000b27)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\deploy.dll
==> (4)(80000b28)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\fontmanager.dll
==> (5)(80000b29)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\hpi.dll
==> (6)(80000b2a)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\java.dll
==> (7)(80000b2b)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\java.exe
==> (8)(80000b2c)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\jp2native.dll
==> (9)(80000b2d)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\jpeg.dll
==> (10)(80000b2e)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\msvcr71.dll
==> (11)(80000b2f)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\net.dll
==> (12)(80000b30)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\nio.dll
==> (13)(80000b31)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\regutils.dll
==> (14)(80000b32)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\verify.dll
==> (15)(80000b33)(1404) Begin to scan
-> Open File Handle : 0x57c
-> file name : c:\program files\java\jre6\bin\zip.dll
==> (16)(80000b34)(964) Begin to scan
-> Open File Handle : 0x5cc
-> file name : c:\windows\system32\msctf.dll
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks normal to me. That' s strange. You can also use ProcessExplorer to check which files are still open in fmon.exe process when the high CPU usage persists.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem here. Support said, it is no known issue...
We removed FC AV-component and use another AV-vendor with FortiClient-VPN.
regards,
Andreas
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably you can try FortiClient 4.0. The AntiVirus performance is much better due to its more aggressive caching mechanism.
The up-coming 4.0 patch-1 will be due very soon (next week). Give it a spin and see how it perform for you.
Personally, I have been running FortiClient AV for several years. It' s not perfect (do we know any perfect AV product?), but it' s becoming better and better.