Windows Defender_Does it scan, monitor, or engage XP_SP3 at shutdo

[ptmx2]

I am using the following version of Windows Defender.
WD v. 1.1.1593.0
Engine v. 1.1.4205.0

I need to know how windows defender behaves when a user chooses to shut-down
the PC running XP_SP3. This install takes a very long time to shut-down at
the end of the day. It Saves Settings efficiently enough, displays the
"Windows is Shutting Down" dialog box, and then appears to do nothing for 4-5
minutes before shutting down.

WDefender is running with automatic scan startup 1/day.
All default actions are enabled;all real-time protection is enabled.
Both WDefender notification options are Disabled.
Both administrator Options are enabled.

The XP install includes a running current version of UPHClean. The Event
Viewer displays NO system, security, or application errors. I have checked
the system and application logged events immediately prior to the shut-down
looking for clues but have found none.

Suggestions?
thank you,
ptmx2

 

[Bill Sanderson]

I've observed Defender on dozens of machines over time and this symptom
seems unlikely to be caused by it in my experience.

What other anti-malware apps are running on this system? Have you tried
shutting down with task manager running and listing all tasks? I think the
shell exits pretty early, but you might spot something.

Does it make a difference whether or not a network is connected?

 

[ptmx2]

thank you for the reply.
In answer to your questions and comments:
- I am not using any other anti-malware application per-se. I do run the MS
monthly Malware executable however.
2.) Task Manager. I have not tried shutting down with TM running and listing
tasks. By TASKS are you referring to applications, processes, or both?
3.) My computer is a stand alone with access only to internet through ATT
DSL. I don't use a router.

Just for fun I will shut down and disable my Internet connection to see what
effect that has.. I will also shut down with TM running and observes the
processes screen to see what happens. Normally, I have 26 processes listed.
We will see. I will post back with any results.
thanks
ptmx2.

 

[Bill Sanderson]

Yes - watching processes is what I had in mind. Not sure it'll show you
anything of use, but maybe something that you'd think should shut down
quickly will show as sticky.

I asked about other antimalware apps just because having multiple running at
the same time does sometimes lead to issues--but not particularly to the
issue you are experiencing, as far as I know.

The other way at this would be to use MSCONFIG (start, run, msconfig
<enter> ) to restart the machine with minimal third-party stuff running, and
then triage by gradually adding stuff back in to see whether you can spot
where the problem happens.

I guess the quick thing to check before you did that is whether this happens
when you start in Safe mode? I'd assume not, so then the idea of going
through various iterations of starting stuff with MSCONFIG would make sense.

 

[ptmx2]

Thank you Bill.
I was not fast enough to catch the task managers processes window during a
shutdown. Your suggestions about MSConfig and Safe Mode are good, and I will
work on both. FYI, I have examined the EventLogs for Applications, Security,
and Systems. The info there is very helpful for inventorying start up and
running events, but rather brief regarding shutdown activities.

There is something that occurred to me that you may also be able to help me
with. How can create a "shut-down" log for XP? (There may already be
something like that produced by XP automatically.) If I could get XP to
create a shutdown log, hopefully it would list each process, application,
etc, as shutting down occurred and give me things to investigate further.

ptmx2
.....................................................

 

[ptmx2]

Bill -
UPDATE:
Since my original question has been addressed, ie, IMO Windows Defender does
not do work (actively monitor) the XP shut down process. It does have two
..exe processes running, however in my case neither appears to be interfering
with my XP shutdown process or contributing to the long shutdown time. I have
tried each of your suggestions. They helped me to see what is not a problem,
but so far my XP install is still very slow to shut down. My next step will
be to try to create a log of the complete shutdown process in the hopes of
seeing a clue I can then explore.
thank you for you assistance.
ptmx2

 

[Bill Sanderson]

I haven't found anything about producing such a log. Some third-party
shutdown applications produce logs, but I think they just list the actions
taken by those programs, not the details of service termination, etc.

I found this rather comprehensive, but perhaps a bit dated, analysis of
shutdown issues which might help:

http://www.aumha.org/win5/a/shtdwnxp.php

Thank you Bill.
I was not fast enough to catch the task managers processes window during a
shutdown. Your suggestions about MSConfig and Safe Mode are good, and I
will
work on both. FYI, I have examined the EventLogs for Applications,
Security,
and Systems. The info there is very helpful for inventorying start up and
running events, but rather brief regarding shutdown activities.

There is something that occurred to me that you may also be able to help
me
with. How can create a "shut-down" log for XP? (There may already be
something like that produced by XP automatically.) If I could get XP to
create a shutdown log, hopefully it would list each process, application,
etc, as shutting down occurred and give me things to investigate further.

ptmx2
....................................................

--