“Computer viruses are an urban myth.” Peter Norton, circa 1988
A while back a user reached out to me describing a problem of slow access to an external, bus-powered hard drive they had purchased only half a year ago. They said it was a USB 3.0 hard drive and they had also made sure to plug the drive into a USB 3.0 compatible port on their recently purchased laptop. The user also mentioned that the anti-virus solution they were using had unusually long scan times, sometimes running for over 10 hours.
They also described an issue of not being able to properly eject this same external hard drive after using it at the end of the day, but that was a separate issue that will also be covered.
After gaining remote access to this system, so I could see what they were seeing, I checked the configuration of the laptop. They were right, the laptop was powerful with a nice quad-core Intel processor, 8 GB of RAM, and an SSD hard drive. But, all of this had little to do with why this external hard drive enclosure, which was a spinning disk, was performing poorly. I loaded the contents of the drive in Windows File Explorer and found multiple folders at the root of the drive. The user began navigating into the folders and subfolders to find some files they were having issues working with. We navigated down five and six levels deep, and at each level I saw many other folders within each directory. I thought I had spotted the first issue, an index that was far too large to be accessed quickly.
Navigating back out to the root of the external drive, I checked the properties of the folder we had just explored and found that while it was not large in size, it had tens of thousands of files and folders within the folder. We checked a few more folders together at the root of the drive and they were the same way, tens of thousands of files and folders within each one. I explained that the drive was formatted as NTFS and that this type of file system kept a Master File Table which was basically an index of every folder and file on the disk. As this Master File Table became larger and larger as time went on, it could also become fragmented. This fragmentation could drastically slow down the load times of folders and files within folders, because the actuator that controlled the read/write heads would have to constantly bounce around the disk to enumerate the files and folders with all their attributes within a specified directory.
We set about resolving this issue by lowering the overall number of files and folders on the disk. We used an application called 7-Zip to compress one of the folders at the root of the external drive and then deleted the original folder from the drive. This lowered the number of entries in the Master File Table, increasing performance almost immediately. Since the user had mentioned that they were seeing incredibly long scan times with their anti-virus solution, I also recommended we password protect the zipped files, which would keep their anti-virus solution from being able to scan the contents of the file.
Over the course of a few days the user managed to compress and password protect many unused folders at the root of the external drive. They reported back much faster performance of the external drive and the anti-virus scans were no longer taking unacceptable periods of time to complete.
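The per-folder check described above (opening each root folder's properties to see how many files and folders it holds) can be scripted so that the largest folders are listed first. This is an added example, not part of the original post; the function names, the 10,000-entry default threshold and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

def count_entries(folder):
    """Count files and subfolders beneath `folder` without following links."""
    files = dirs = 0
    stack = [folder]
    while stack:
        current = stack.pop()
        try:
            with os.scandir(current) as it:
                for entry in it:
                    if entry.is_dir(follow_symlinks=False):
                        dirs += 1
                        stack.append(entry.path)
                    else:
                        files += 1
        except OSError:
            # Unreadable folder (permissions, device error): skip it, keep going.
            continue
    return files, dirs

def rank_root_folders(root, threshold=10_000):
    """Return (name, files, dirs, over_threshold) per top-level folder, largest first."""
    rows = []
    with os.scandir(root) as it:
        for entry in it:
            if entry.is_dir(follow_symlinks=False):
                files, dirs = count_entries(entry.path)
                rows.append((entry.name, files, dirs, files + dirs >= threshold))
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

def build_sample_tree(base):
    """Constructed sample data: one busy folder and one small folder."""
    for i in range(30):
        sub = os.path.join(base, "projects", f"job{i % 5}", f"rev{i}")
        os.makedirs(sub, exist_ok=True)
        open(os.path.join(sub, "drawing.dat"), "w").close()
    os.makedirs(os.path.join(base, "photos"))
    open(os.path.join(base, "photos", "a.jpg"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Low threshold so the small constructed tree produces a flagged row.
        for name, files, dirs, flagged in rank_root_folders(tmp, threshold=50):
            mark = "over threshold" if flagged else ""
            print(f"{name:10} files={files:4} dirs={dirs:4} {mark}")
```

Pointing `rank_root_folders` at the root of the external drive instead of the temporary directory lists its top-level folders by entry count.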
Bonus: Cannot Safely Eject External Drive
We had one last issue to tackle. The user was still having an issue ejecting the disk safely after each use. We plugged in the external drive and were immediately able to safely eject the external drive. We systematically opened files on the external drive with each application they used to perform their work, saved the file, and then tried to eject the drive. Everything went smoothly until the user opened an AutoCAD application file, saved the file, and exited the program. The drive would no longer safely eject. We closed a “helper” program for AutoCAD we found in Task Manager and the drive safely ejected. I showed the user this workaround method and also mentioned that a reboot would allow them to safely eject the drive, too.