On one of my low tech host, the process is using way too much cpu on comparaison to my other hosts.
We are talking of 16-23 % of a i7-7Y75
And apparently the thread is ntdll.exe.
So I want to know what influences the process ?
Or would it be because of a problem with ntdll.exe ?
1 Like
Have you checked the ntdll.exe file with an antivirus, or analyzed it with the VirusTotal API? See any issues, or no?
If you do a clean install of GlassWire does the problem go away?
Ntdll.exe is an essential piece of software in windows, I guess you know that. Actually is the thread launched with the file ntdll.dll
Virustotal didn’t detect anything and I always had a antivirus, so unless it’s a very crafty malware or virus (which always possible), I don’t think it is that. But it could be a corrupted ntdll or an hardware issue.
I will try to reinstall glasswire later today and we’ll see.
1 Like
Yes, I realize it is essential but I thought it might be good to be 100% it’s actually the official Microsoft software and not malware. Sorry for the issue.
Also you can quickly check to be sure it’s signed by Microsoft by clicking its icon in GlassWire. In that case it should be the official app.
Meanwhile we’re working on a major update that should be out in a month or so.
By reinstalling glasswire, it occupies again a lot more cpu than it should. And makes even the Public WiFi instable because of the constant cpu demands it adds up.
So it is the Microsoft installation which is screwed up with ntdll or it’s glasswire which is too demanding on that kind of devices
And the problem really resides only with gwctlsrv.exe
It would be great if there would be a pause button or something to temporarily deactivate glasswire
And also I don’t understand why by exiting glasswire it would not delete glass wire control server
The problem is both with that service. It is cpu hungry +I/O demanding which makes the system unstable, especially when there are variations between hibernate modes etc. When you first install it, it is not that much disturbing.
It’s very demanding if you put the pc in hibernation and then wake it up.
And I have just uninstalled glasswire after an hibernation because it renders the pc unusable and even if the uninstall succeeds, the process is still running full time and I can’t stop it.
So again, or a problem with ntdll or there is a problem with hibernation and this process in particular
Should I make a ticket or something?
Does this happen when “Process Hacker” is not running, or only when it’s running?
No it happens even if process hacker is not running or even installed as a matter of fact.
And that would be very much surprising that process hacker would be the cause for only glasswire control server to go haywire. And since I’m using a lot of different things I would have seen it in other processes. But I left open to the ideas.
It would of course be a good idea to incorporate it into your test anyway to see if there are any interferences.
What else could interfere with glasswire ?
Did you have test bench’s with all the major internet security suite ? Like bitdefender, kaspersky,…? They do too install some network drivers .
And do you have some tests bench with virtualbox and other virtualization solutions who installed network drivers ?
On my system with the Glasswire UI closed, the Glasswire app and processes normally idle near 0%.
But if I open the UI to the real-time graph page, the app runs at near 20% CPU. I don’t normally view the graph, so for me that is never an issue.
I don’t believe that I have ever seen the Glasswire control server jump that high.
The only way to really determine what is conflicting would be to disable everything that runs resident at boot (apps, services, drivers, etc.), and then enable one item at a time until you reproduce the problem (i.e. clean boot).
1 Like
What is the exact CPU usage for you guys? For me, it’s basically like this (according to Process Hacker and Process Explorer), when GlassWire UI is closed:
GWCtlSrv.exe = 0.57 (fluctuates between 0.40–0.80)
GlassWire.exe = 0.04
ProcessHacker.exe = 0.17 (this is just for comparison)
procexp64.exe = 0.85 (this is just for comparison)
These values happen on a fairly fast computer (i7-8700). I am just wondering if that 0.57 is typical or not (would be nice if it was also only 0.04).
EDIT: I just noticed that if I close my Firefox Portable (a special installation), the CPU usage for GWCtlSrv.exe goes down to 0.10. Also, that Firefox apparently causes a crazy 130–500 MB/s I/O total rate (through GWCtlSrv.exe, but not through network monitor). It is possible that the high CPU usage is caused by a problem in that Firefox installation (perhaps GlassWire is suspicious and ramps up the monitoring, or something, while the file is actually not dangerous). Without that Firefox Portable, the I/O total rate is only 350 kB/s.
GlassWire resource usage is directly related to network activity. If you use something like Bittorrent that connects to thousands of hosts simultaneously then GlassWire must work hard to log this activity, so its resource usage can spike.
If you use your PC normally GlassWire’s resource usage is minimal or almost non-existent.
I use Firefox myself and I don’t notice any issues. If an app is doing something crazy on the network you can click its icon, then “more” then make that app “Incognito” where its data isn’t recorded. It can help with resource usage if you want to use Bittorrent for example.
We are also making a new “lite” version of GlassWire that will be out soon. It collects less host data and is good for Bittorrent users for example.
I’m not using Bittorrent, but what I did now is I closed all tabs in that Firefox and reopened the same windows. For some reason now there’s no significant I/O total rate anymore (there never was any significant network activity in kilobytes/s, but something was still going on). And as there’s no I/O activity (GlassWire logging activity?), the CPU usage is also nice, below 0.3. The high number was possibly caused by some glitch in Firefox.
Yes. With normal Firefox, I do not see any significant I/O total rate rise. However, now I tried Firefox Portable with all extensions off, just being on an empty page or just sitting at about:addons page. It gives 0.6 CPU and 50 MB/s I/O. As soon as Firefox Portable is closed, back to normal. Whatever causes this, it seems fairly reproducible.
2 Likes