A short note for this post. Last week a tweet came to my attention in which a Microsoft MVP complained that the fan on his Windows system was running at full speed. A quick look showed that Microsoft Defender was consuming a lot of CPU on the machine. This could affect some readers, because the culprits, Windows Defender and Dell SupportAssist, are likely to be in widespread use.
Most Dell consumer PCs with Windows 10 (and probably Windows 11 as well) will have the SupportAssist client installed. This is a technology that Dell says keeps everything running smoothly on the PC. The feature can remove viruses, detect problems, tweak settings, and alert the user when updates need to be made.
SupportAssist is a frequent source of problems, according to my research. Some time ago there was a forum post at Kaspersky in which someone wrote that whenever "DellSupportAssistRemediationService" tries to create a backup, Kaspersky identifies a high-risk trojan and tries to delete this file. Here in the blog there are also some posts with hints about problems with SupportAssist (see the list at the end of the article).
In the Dell support forum I also found the post "Dell SupportAssist not working on Windows 11?", where a user reports problems with the client in conjunction with Windows 11. According to user entries, SupportAssist version 220.127.116.11 should fix the problem.
Suddenly high CPU load and fan spinning up
Last week, I came across a message on Twitter from SwiftOnSecurity, a Microsoft MVP and security expert, who wrote about a problem with a Windows system. Suddenly, the CPU fan went to maximum speed permanently, and Microsoft Defender was causing a heavy CPU load on the machine. Mysteriously, however, there was no current Defender scan running.
SwiftOnSecurity then used the performance analyzer for Microsoft Defender via PowerShell for analysis. Microsoft has published the article "Performance analyzer for Microsoft Defender Antivirus" (as of 9/30/2022) on this topic. A recording can be started with the command:
New-MpPerformanceRecording -recordto c:\1.etl
The recording then runs for a certain period of time. The above command writes the results to the file c:\1.etl. Pressing Enter stops the recording and saves the data for analysis; pressing Ctrl+C cancels the recording. Afterwards the recording can be analyzed with the following command:
Get-MpPerformanceReport c:\1.etl -topprocesses 100
The above command reads the .etl file and produces a list of the top 100 scans that affect performance the most. The options are described in the linked Microsoft post.
SwiftOnSecurity found a conflict between Microsoft Defender and Dell SupportAssist to be the cause. Dell SupportAssist was scanning all EXE files on the drive, triggering on-access scans. This then caused the high load. Maybe it will help someone sometime.
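To check a machine for the same pattern, the two commands above can be combined into a timed, non-interactive recording followed by reports broken down by process, file and extension. This is an added example, not code from the tweet or from Microsoft's article; the output path and the 120-second window are assumptions, and it requires a Defender platform version whose New-MpPerformanceRecording supports the -Seconds parameter.

```powershell
#Requires -RunAsAdministrator
# Added example: record Defender scan activity for a fixed window, then report on it.

$etl     = Join-Path $env:TEMP 'defender-perf.etl'   # assumed output path
$seconds = 120                                        # assumed recording window

# Record while the high CPU load is occurring; stops by itself after $seconds.
New-MpPerformanceRecording -RecordTo $etl -Seconds $seconds

if (-not (Test-Path $etl)) {
    throw "No recording was written to $etl"
}

# Processes whose file access caused the most scan time, with the files each one touched.
Get-MpPerformanceReport -Path $etl -TopProcesses 10 -TopFilesPerProcess 5

# File extensions that dominate scan time, with the longest scans for each extension.
# A process that reads every EXE on the drive appears here as .exe at the top.
Get-MpPerformanceReport -Path $etl -TopExtensions 10 -TopScansPerExtension 3

# Longest individual scans, ignoring anything faster than 100 ms.
Get-MpPerformanceReport -Path $etl -TopScans 20 -MinDuration 100ms
```

If one process leads the first report and the same executable paths recur in its file list, that process is what is triggering the on-access scans.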
Critical Vulnerability in Dell SupportAssist (Feb. 2020)
Dell devices: RCE vulnerabilities in SupportAssist Client
Dell EMC SupportAssist Enterprise security alert
HP Support Assistant: Patch a vulnerability (Sept. 2022)