How can I tell if antivirus is causing performance issues for CPU intensive tasks on a machine?


My company publishes simulation software that regularly performs prolonged CPU (and GPU, and occasionally I/O) intensive tasks. Our userbase are engineers, of whom some are embedded in large companies, of which some still subscribe to fairly archaic mindsets regarding IT that better belong in the 90s.

More than a few times now we have experienced situations where client computers which are extremely highly specced (some are commodity machines with 5 digit dollar values) are running simulations anywhere between 2-30 times slower than the same simulation on our internal machines. The client machines outspec our internal machines in basically every aspect (CPU, GPU, RAM, disk).

In a few rare instances we have been able to identify the antivirus software as the culprit, but this has typically been more due to serendipitous circumstances than any solid detective work on our part. We do not have a lot of experience with antivirus but from what we've observed, a lot of active scanning antivirus software does not appear to take up CPU itself, or even show up as a task manager process, but (presumably) the CPU utilisation is assigned to our process instead, causing these massive performance slowdowns.

On other occassions (sometimes when rapidly accessing anywhere between 1k-100k binary files) it will simply appear to frequently cause the CPU to throttle down to 0% usage, so the system effectively idles for prolonged durations (whereas on our internal machines the CPU maintains a steady 100% usage until the task is finished)

On occasion when the antivirus is turned off we have seen the performance immediately come up to the level expected. Unfortunately, it is very difficult to ask the IT departments of these companies to do this based on a hunch (and understandably so). In some circumstances they are also disinterested in genuinely supporting their engineers more than the absolute minimum so this becomes an unpleasant interdepartmental fight.

Is there a way we can reliably detect if the antivirus is causing performance issues so that we can better determine if it is worth having the argument?

Depending on the client we may or may not have administrator privileges, so I would welcome solutions or suggestions for either.


Posted 2015-06-10T15:42:21.417

Reputation: 779

Start by recreating those environments within a virtual machine ( or a physical machine ) locally to determine possible workarounds. – Ramhound – 2015-06-10T16:16:58.740

1You didn't specify the OS, but all current OS's have tools for monitoring resource usage down to the process/service level at least. For Windows 7, the built in one is pretty good (Task Manager, performance tab, resource monitor button), but there are much more detailed ones such as Process Monitor from Sysinternals (again, for windows). – R Drast – 2015-06-10T16:22:39.590

1And don't forget to show processes for ALL users not just the current one since AV will undoubtedly be running, at least in part, as a SYSTEM owned process. – Julian Knight – 2015-06-10T19:46:44.703

AV should really only kick in if you are writing to the filing system, if it is kicking in at other times, make sure nothing else is creating noise in the filing system. – Julian Knight – 2015-06-10T19:48:32.350

1"On occasion when the antivirus is turned off we have seen the performance immediately come up to the level expected." Sounds like more than a hunch to me. – Moab – 2015-06-12T02:11:09.010

Try using the Performance Monitor to log performance, and also use Resource Monitor to watch cpu usage for the antivirus exe. – Moab – 2015-06-12T02:15:14.940

No answers