Endpointprotection: memory leak (handles) because of curl
Hello,
I just want to report a finding on my Windows 11 family, with Avira free.
I've experienced strange out of memory (20GB RAM+5GB page), and after investigation,
there was no real big "commit", but endpointprotection had a crazy count of "handles" (>>10k after a few hours)
I investigated more and found it was related to my home supervision script calling curl many times a minute.
I've noticed that each time I just call "curl.exe" (the one in Windows/System32), not even with a parameter, endpointprotection adds one handle and it does not decrease.
The leak is not in curl, since curl is finished, but in endpointprotection.
On my side, I will try to mitigate the problem (like not using curl), but maybe you could try to replicate the problem and investigate the cause which may be of wider impact than just curl...
for me the replication is simple:
- install Avira with real time protection
- run task manager > detail for process endpointprotection, add column "handles"
- launch a cmd
- launch "curl" with no parameter, and see the "handles" in the taskmanager line "endpointprotection" be incremented
Best regards, hoping this helps.
-
I have tested with latest CURL 8.6.0 Win64 and there is no leak in endpoint protection.
With the curl 8.4.0 provided in Windows, one leak of "handle" appears in endpointprotection for each call to Windows Curl 8.4.0
Now I will use curl 8.6.0, but the reason the leak happens in endpointprotection and in no other process is problematic.
I've tested on another PC with another antivirus (Symantec), and there is no leak in any process.
For the test I simply call:
for /l %i in (1,1,10000) do curl
Hope this helps
0 -
I observed the leak continues, and I've identified that the cause is now the internal command
TIMEOUT /T
You can reproduce it with
for /l %i in (1,1,60) do timeout /t 1
and it will increase the Handles count by 60 in one minute
0 -
PING also causes handle leaks in endpointprotection.exe
You can reproduce it with
for /l %i in (1,1,60) do ping -n 1 127.0.0.1 > NUL:
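
A way to measure the leak described in this thread instead of watching Task Manager, as an added example that is not part of any post: the PowerShell script below records the handle count of the process before and after each of the three reported commands, plus an idle baseline for comparison. The process name passed to Get-Process and the 5-second settle delay are assumptions.

```powershell
# Added example; not from the thread. Run from an interactive PowerShell console.
# Assumption: the Avira process is visible to Get-Process under the name used
# in the posts ("endpointprotection").
$ProcessName = 'endpointprotection'
$Iterations  = 60

function Get-TotalHandleCount([string]$Name) {
    # Sum over all instances in case several processes share the name.
    $procs = @(Get-Process -Name $Name -ErrorAction Stop)
    ($procs | Measure-Object -Property HandleCount -Sum).Sum
}

# Idle baseline first, then the three commands reported in the thread,
# launched directly so that each iteration starts exactly one process.
$tests = [ordered]@{
    'idle baseline (no launches)' = { Start-Sleep -Seconds 1 }
    'curl.exe (no arguments)'     = { & "$env:SystemRoot\System32\curl.exe" *> $null }
    'timeout /t 1'                = { & timeout.exe /t 1 *> $null }
    'ping -n 1 127.0.0.1'         = { & ping.exe -n 1 127.0.0.1 *> $null }
}

$results = foreach ($name in $tests.Keys) {
    $before = Get-TotalHandleCount $ProcessName
    for ($i = 0; $i -lt $Iterations; $i++) { & $tests[$name] }
    Start-Sleep -Seconds 5          # assumed settle time for delayed handle cleanup
    $after = Get-TotalHandleCount $ProcessName
    [pscustomobject]@{
        Test              = $name
        Iterations        = $Iterations
        HandlesBefore     = $before
        HandlesAfter      = $after
        Delta             = $after - $before
        DeltaPerIteration = [math]::Round(($after - $before) / $Iterations, 2)
    }
}
$results | Format-Table -AutoSize
```

A command row whose delta is close to the iteration count, next to a flat baseline row, matches the one-handle-per-launch behaviour the posts describe.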