Kaspersky
Question

Microsoft Outlook Extension, What benefits does the add-in/extension connection offer in return for the increased CPU load?

  • 15 October 2021

Userlevel 3
Badge

Hello. I noticed the following while testing KIS with Outlook:

There is an option called “Connect Microsoft Extension” (enabled by default) and there is a corresponding add-in installed in Outlook. Disabling this option decreases KIS CPU load while an IMAP transfer is happening.

What benefits does the add-in/extension connection offer in return for the increased CPU load?


5 replies

Userlevel 7
Badge +6

Hi @Timur Born,

The connected add-in checks already downloaded emails in the local Outlook database (ost/pst), whereas the Mail Anti-Virus checks emails when they are received or sent (by scanning traffic).

Userlevel 3
Badge

Hi @Igor Kurzin,

Thanks for the explanation. Does the add-in check the files every time Outlook is started or new mail is transferred, and is the whole file checked every time?

These files easily grow to several gigabytes in size, so I imagine this causes quite some load (which seems to be single-threaded/single-core only).

Userlevel 7
Badge +6

Hi Timur,

Checking the whole Outlook database would be overkill; the emails are checked when accessed by the user.

How big is the difference in CPU consumption with the add-in enabled and with the add-in disabled?

 

Userlevel 3
Badge

CPU consumption is surprisingly hard to compare. When I first checked this back and forth, the difference was between one CPU core being maxed out with the add-in vs. not being maxed out (peaking at maybe 70%). But the last time I did an IMAP transfer without the add-in, the core was maxed out anyway, just like before with the add-in. And in both cases it stayed loaded for some time.

Just now I did the first Outlook IMAP transfer of the day with and without the add-in, and AVP load was hardly measurable at all, close to zero.

I think the initially high load and measured differences were caused by Windows search indexing going through all mail (as in being “accessed” for indexing). That is because I specifically set up Outlook for the first time on this installation for testing KAV.

I will keep an eye on this, now knowing the difference between both settings. Currently I have initiated the download of Gmail’s “All E-Mails” folder (this does not happen automatically when Gmail is set up in Outlook). So let’s see what happens with indexing and KAV load once that is finished.

Userlevel 3
Badge

I deleted the Outlook profile and recreated it, thus initiating a fresh download of all IMAP folders. The following measurements were done *during* the initial download of IMAP folders (i.e. the first-time download):

Outlook add-in enabled (4.16% = 1 core maxed out, peaked at around 3%):

Outlook add-in disabled (add-in thread marked gray):

This seems to suggest that the add-in does check mails during transfer, not just already downloaded mail in the PST/OST files. I was rather surprised that without the add-in there was no AVP load at all, as if transferred mail wasn’t checked?

CPU load only happened during the first transfer, even when I clicked on folders that were not populated by the first transfer and were thus downloaded afterwards. No maxed-out thread/core today, so I assume that KAV still uses its cached results despite me having deleted and recreated the Outlook profile (including the OST file being deleted when the profile was deleted)!?

Downloading the “All Mails” folder after the initial transfer does not cause AVP load (with or without the add-in), despite this folder being the largest of them all (GB of data).

Rebuilding the index from scratch doesn’t cause AVP load.

So overall it seems that the add-in does create extra load, at one point even considerably more on a single CPU core. But once everything is settled it doesn’t seem to make (that) much of a difference.
