The story
One of our customers reported that updating our product is extremely slow. When updating, our product first downloads a patch file, then applies the patch to existing files or creates new files.
After investigation, I found that it was the apply-patch stage that was wasting time. But as the logic is extremely simple, and no time-consuming operation such as sleeping or network access is performed, I didn’t think it was our software that was causing the problem.
So I guessed the problem must be in his OS: either it was infected by a virus or had some malware installed.
Obviously, he was not satisfied with my hypothesis, and neither was I. I had to prove it.
File System Filter Drivers
I googled around with keywords like “windows filesystem hooks” and fortunately found some Windows technologies related to File System Filter Drivers. There are two types of program that will affect the filesystem:
- file system minifilter drivers
- legacy file system filter drivers
Both types can be listed with the fltmc command:
C:\Windows\system32>fltmc
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
luafv                                   1       135000         0
FileInfo                                5       45000          0
Some filters provided by Microsoft, and thus can be considered safe, are:
- WdFilter.sys - Windows Defender
- storqosflt.sys - Storage QoS Filter Driver
- luafv.sys - UAC File Virtualization
- npsvctrig.sys - Named Pipe Service Trigger Provider
- FileCrypt.sys - Windows sandboxing and encryption
- FileInfo.sys - FileInfo Filter Driver (SuperFetch / ReadyBoost)
- wcifs.sys - File System Filter
- Wof.sys - Windows Image File Boot
On the customer’s computer there were two suspicious filters named ‘tenmon’ and ‘tqsomething’ (sorry, I can’t remember the name). I searched for their names in the Autoruns tool and found that they are provided by http://www.qq.com/. After I deleted them in the Autoruns program, the problem went away immediately and the customer is now happy.
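
The triage described above can be scripted. This is an added example, not the author's code: it parses fltmc output, drops the Microsoft filters listed in this post, and resolves the driver file and signer for whatever remains. The sample rows and the name "ExampleFlt" are constructed; the -Live switch and the Get-FilterRow helper are names chosen for this sketch.

```powershell
# Added example: list filter drivers that are not on the post's Microsoft list.
param([switch]$Live)   # -Live runs the real fltmc (needs an elevated prompt)

# Names taken from the list in this post (without the .sys suffix).
$KnownMicrosoft = 'WdFilter','storqosflt','luafv','npsvctrig',
                  'FileCrypt','FileInfo','wcifs','Wof'

# Constructed sample in fltmc's column layout; "ExampleFlt" is a made-up name.
$Sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleFlt                              3       385000         0
luafv                                   1       135000         0
FileInfo                                5       45000          0
'@ -split "`r?`n"

function Get-FilterRow {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # name, optional instance count, altitude (may be fractional), frame
        if ($line -match '^\s*([\w.\-]+)\s+(?:(\d+)\s+)?(\d[\d.]*)\s+(\S+)\s*$') {
            [pscustomobject]@{
                Name      = $Matches[1]
                Instances = $Matches[2]
                Altitude  = $Matches[3]
                Frame     = $Matches[4]
            }
        }
    }
}

$lines   = if ($Live) { fltmc } else { $Sample }
$unknown = Get-FilterRow $lines |
    Where-Object { $KnownMicrosoft -notcontains $_.Name }

foreach ($f in $unknown) {
    # Resolve the driver file and its signer so the publisher can be judged.
    $drv  = Get-CimInstance Win32_SystemDriver -Filter "Name='$($f.Name)'" -ErrorAction SilentlyContinue
    $path = if ($drv) { $drv.PathName -replace '^\\\?\?\\', '' } else { $null }
    $sig  = if ($path -and (Test-Path $path)) { Get-AuthenticodeSignature $path } else { $null }
    [pscustomobject]@{
        Filter   = $f.Name
        Altitude = $f.Altitude
        Path     = $path
        Signer   = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(not resolved)' }
    }
}
```

A filter name matching the list is not proof of origin, so the signer column is the part to read; run the same signature check on the listed names if the machine is suspected of compromise.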

1 comment:
Superfetch is a Windows feature that preloads frequently used applications into memory for faster access. However, it may cause performance issues on some systems. To disable SysMain, open Services, find SysMain, right-click and select Properties, set Startup type to Disabled, and click Stop.