Results 1 to 6 of 6
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    10546
    Posts
    23
    Thanks
    0
    Thanked 3 Times in 2 Posts

    High CPU caused by Windows Firewall

    I'm suddenly seeing periodic (every 30 to 40 seconds) cpu usage peaks in svchost. I've traced it to the Windows Firewall - turn the firewall off and it stops. Web searches have not led to any Windows XP solutions or even hints. A second Windows XP machine on the same network does not show this. Both are completely up to date.

    The firewall log does not show an excessive number of blocked connections, although there are continuous blocked connections.

  2. #2
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    One thing to remember is that the Windows XP firewall only blocks outgoing connections. If the firewall is being triggered, maybe something is trying to "phone home". The second thing to remember is that the communication may be an allowed connection rather than blocked - either way might cause a hit on the CPU - so looking at blocked connections in pfirewall.log might miss the culprit.

    Can you pinpoint the date this started? Was there any software installed on the machine after that time - maybe roll back using system restore to before that date and see if that overcomes the issue.

    Alternatively download and install TCPView from Sysinternals to look at what might be attempting to communicate outside of the box.

  3. #3
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Quote Originally Posted by Tinto Tech View Post
    One thing to remember is that the Windows XP firewall only blocks outgoing connections.
    Tino,

    I always thought it was Incoming connections?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  4. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Did I say outgoing - oh dear, that's what comes from editing and re-editing drafts then leaving in earlier snippets of text as one rushes to collect daughter form work.

    For a service or program to communicate through the firewall an exception needs to be added. The rest stands as noted (I think I drafted that bit right) - it might be allowed or blocked, but looking for blocked might miss the issue.

    Using TCPView will illuminate all TCP and UDP connections and help discover if it is indeed something spiking the firewall.

    Need to rush off for dinner now, so hopefully no more silly typos!

  5. #5
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Run a complete AV/AM scan from a tool independant of what you currently have installed, and go with a popular 3rd party firewall instead of XP's.
    It is generally known that the firewalling capability of Windows XP is somewhat inferior to most 3rd party choices.


    Windows Secrets: Easily view Windows XP firewall log

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    10546
    Posts
    23
    Thanks
    0
    Thanked 3 Times in 2 Posts
    Update on my problem. I could see nothing suspicious going on. I installed online armor free. It's logs don't show anything unusual - even in log everything mode. For now, I'll just try to forget about it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •