Video Screencast Help

Rtvscan.exe, high memory usage (SAV)

Created: 29 Sep 2009 • Updated: 02 Jul 2010 | 23 comments
This issue has been solved. See solution.

I have this on a SAV client, where it goes over 128MB or RAM and it slows things down. I can not reduce it or terminate it, but I need to know what to look for to keep the CPU/Memory usage under control.

Thank you.

Also, should I exclude the following folder from real time scans?

C:\Program Files\Enterprise Vault

Comments 23 CommentsJump to latest comment

P_K_'s picture

Waht  is the vesrion of SAV ?

Title: 'After installing Symantec AntiVirus 10.1, Rtvscan.exe uses 100% of the CPU'
Document ID: 2006032807423548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2006032807423548?Open&seg=ent

yes  the folder can be excluded

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

The high CPU usage in Rtvscan.exe is caused when the following registry path to NavLogon.dll is not added during the installation of Symantec AntiVirus:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\NavLogon\DllName

 

Add the following Key and values to
Start regedit.exe and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify

Right-click on the Notify key, and select New > Key.

Type NavLogon for the key.

Right-click on the NavLogon key, and select New > String value.

Type DllName for the String value.

Right-click on the DllName String value, and select Modify.

For the Value data, type C:\WINDOWS\system32\NavLogon.dll (default OS install path)

Click OK and exit the Registry Editor.

After making registry changes, restart the computer
 

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
P_K_'s picture

Yes

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

ajpnyc's picture

Prachand - I went through the above steps but the file dll file was already there. Rtvscan.exe runs at 128,672 on my computer. Anything other fixes with this? I'm running version 10.1.0.396. Thanks,

cforbes's picture

Does this information also apply to "Symantec Endpoint Protection 11.0.5002.333"?

ahmed5's picture

Hi there,

I'm on endpoint V11. Could you tell me if the info you posted is also valid for this version of SAV?

Many thanks for your help!

Bob1946's picture

Even after checking the above (all the registry entries were correct) the rtvscan on one of our machines still will take 100% of the cpu for long periods and routinely runs over 160K.

Any help would be appreciated.

Dannyyu's picture

Prachand - My register includes the key. Rtvscan.exe runs at 128,672 on my computer. Anything other fixes with this? I'm running version 10.1.0.396. Thanks,

nckmru's picture

I have also checked the register Keys and it's already there.
I'm rrunning 10.1.0.394 in managed mode (controled by server). I have 10 network PCs and there is only one with the High Memory problem (RtvScan is consumming 133,240 Ko !!). The PC with the problem is running SP2 I will upgrade to SP3 and check if the problem persist.

Regards,

Nicolas

rfrank's picture

Two questions...
 
1. In your instructions above, it says to type in "C:\WINDOWS\system32\NavLogon.dll (default OS install path)"

Do you type in "(default OS install path)" too, or is that a note?

I have symantec ENDPOINT and have tried it both ways (not sure which is correct) but RTVSCAN and SVCHOST continue to eat up nearly all memory and cpu capacity.

2. I'm running Windows XP I doubled my RAM to 2 gig but it made no difference. These two programs still seem to bring the computer to a painful glacial crawl.

Thanks in advance for the clarification on the path, AND 

2. Is there anything else I can do to bring this computer back to life?

BTW: In an effort to solve this issue, we recently wiped the hard drive and have not put many programs back on it ... and yet it still crawls along.
 
Thank you for your time and insights. It's greatly appreciated.

rfrank

cforbes's picture

Does your information below also apply to "Symantec Endpoint Protection 11.0.5002.333"?

Client SW was pushed down from the control center on the server... 

The high CPU usage in Rtvscan.exe is caused when the following registry path to NavLogon.dll is not added during the installation of Symantec AntiVirus:

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\NavLogon\DllName

 Add the following Key and values to
Start regedit.exe and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify

Right-click on the Notify key, and select New > Key.

Type NavLogon for the key.

Right-click on the NavLogon key, and select New > String value.

Type DllName for the String value.

Right-click on the DllName String value, and select Modify.

For the Value data, type C:\WINDOWS\system32\NavLogon.dll (default OS install path)

Click OK and exit the Registry Editor.

After making registry changes, restart the computer

koulson's picture

I don't see where this question has been answered pertaining to whether or not this recommendation is valid for SEP 11.0.5.

Looking at my registry on XP SP3, I do not have the key but do not suffer from RTVSCAN utilization issues on my machine.  One of my users does however.

Any help is appreciated.

KO

The Conquistador's picture

Before I upgraded to SEP. You may want to run Cleanwipe, and redo whatever installation you have running on the user with the error.

I_H8_Symantec's picture

I am using Symantec Endpoint Protection, and I have had the same problem. I ran regedit and found that the registry key listed above was already there. I then ran a search on my computer for NavLogon.DLL - guess what? It was in a subdirectory on my second hard drive, nowhere near where it was supposed to be.

If you have the registry key as listed above in your registry and you still have the problem with rtvscan.exe bringing your system to it knees, run a search for NavLogon.DLL. When you find it, copy it to C:\WINDOWS\system32, then reboot.

I did this and it solved my problem, or I should say, improved things significantly. rtvscan.exe used to take up 99% of my CPU time when it ran. Now it only takes up 10%. This still slows my machine down a little, but at least it does not completely take over the CPU anymore, and I can continue to work while it runs.

Hope this helps.

The Conquistador's picture

I have put some thought into it and decided to exclude OST files, and PST files as well as other large files. I have admins that will simply rename these files as well. I ask them if they need to rename, to rename the files .old, I also exclude this extension. If it bypasses something that can be 5GB + I am sure the RTVScan performance will improve.

The Conquistador's picture

I will look into that as well. But right now all is happy :-D

FBSG-Kathleen's picture

Hi -

I searched my HDD and located 2 instances of NavLogon.DLL. Once in the proper directory C:\Windows\System32, however there is another one in the C:\i386 directory??

Any thoughts as to how to alleviate that situation? I am constrantly running (slowly) at 57,108K Mem usage. Sometimes I think my abacus is faster :)

Thanks,
~K

jsc's picture

WinXPPro, sp3, SAV Corp Edition 10.1.5.5000.

Only one instance of NavLogon.dll, and it's where it is supposed to be and is called out correctly in the registry.

Rtvscan.exe using 154,692k and takes 100% of the cpu on startup for about 5-10 minutes.  Have to walk away until the computer is useable again.

Corp IT is of no help.  All they want to do is uninstall and reinstall, and after an hour, nothing is fixed.

Suggestions?

Rkymm8's picture

Rtvscan.exe using 154,692k and takes 100% of the cpu on startup for about 5-10 minutes.  Have to walk away until the computer is useable again.

Grant_Hall's picture

Hi Rkymm,

I know that some users are still seeing this problem. However this thread has been solved already so many users will ignore it. If you are having this issue and would like assistance with it then you should open a new thread. This way it is more visible and has a current timestamp (not months old).

Thanks,
Grant

Please don't forget to mark your thread solved with whatever answer helped you : )