High memory usage by RTVSCAN.EXE
Created: 04 Nov 2012 | 4 comments
High memory usage by RTVSCAN.EXE for SEP version 11.0.7200.1147, the target systems are up-to-date with windows OS patches and SEP virus def
applied WindowsXP-KB959658-x86-ENU.exe and WindowsXP-KB2616676-v2-x86-ENU.exe patches also as suggested by some forums as a possibility memory leak, still no solution
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
HI,
Check this artical
http://www.symantec.com/business/support/index?page=content&id=TECH170667
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
There is a hotfix available from Microsoft that addresses this memory leak in crypt32.dll. See the following Microsoft technical article:
http://support.microsoft.com/kb/959658 ("A memory leak problem occurs when you run an application that uses the HttpSendRequest function of the WinHTTP API or of the WinINet API to send Secure Sockets Layer requests in Windows XP Service Pack 3").
This hotfix is only for customers experiencing this issue and is available from Microsoft by request only. Please discuss the ramifications with Microsoft before deciding to deploy this hotfix. Other updates may be applied to crypt32.dll, but the hotfix in KB959658 will enforce an older developmental branch. You can even apply updates and this hotfix in any order, and you will still wind up with a hotfixed DLL. This may cause some confusion because the version differences aren't readily apparent. For example, if the update in KB2616676 has already been applied, crypt32.dll version will be 5.131.2600.6149 and applying the hotfix in KB959658 and rebooting, this version number is the same. To see the difference, you must go to the file properties version tab for crypt32.dll and highlight "File Version" to see more versioning details. For example:
Hotfixed: 5.131.2600.6149 (xpsp3_sp3_qfe.110906-1620)
No Hotfix: 5.131.2600.6149 (xpsp3_sp3_gdr.110906-1620)
As an alternative to applying the Microsoft hotfix, you may do one of the following:
Monitor rtvscan.exe memory usage on the Endpoint Protection client. If it goes above 300MB then restart the rtvscan.exe service (the "Symantec Endpoint Protection" service) . No reboot should be necessary. After monitoring memory usage you may identify an hourly interval at which you can schedule a service restart.
Dear Simpson
i had applied 2 patches for MEMORY LEAK issue (WindowsXP-KB959658-x86-ENU and WindowsXP-KB2616676-v2-x86-ENU) but of no use
removed PTP and NTP also, still the same problem
i have observed one common character on the affected machines - Outlook PST files amounting to 15+gb, lots of shared folder access over the network (application)
though that entire department is using the common shared network drive for application, other users didnt have that huse PST files
can this be a reason?
Aravind
Hello Karvy,
It could be one of the reasons, I cannot assure you though without proper findings.
I would suggest you to get a case opened with technical support and allow them to investigate this further and collect the necessary info and logs.
Phone numbers to contact Tech Support:-
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
India: Toll-Free 000 800 4401 456 directly
IDD call: +61 2 8220 7111
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Customer Care Contact Numbers for Licensing Issues:-
http://www.symantec.com/support/assistance_care.jsp
How to create a new case in MySupport
http://www.symantec.com/business/support/index?page=content&id=TECH58873
Would you like to reply?
Login or Register to post your comment.