What is ekrn.exe doing using up my bandwidth?
helaku
February 7th, 2008, 04:38 PM
Hello, I've been using ESET Smart Security without any problems for a few weeks. However, for the last couple of days ekrn.exe is constantly accessing u20.eset.com for no obvious reason and thereby using up bandwidth that I'm paying for.
Could anyone explain to me, please, what is going on and how I can stop this?
(screenshots of settings and connections attached)
Marcos
February 7th, 2008, 05:20 PM
I guess another program has downloaded something via http and the traffic was subsequently routed via ekrn
helaku
February 7th, 2008, 05:43 PM
What can I do to stop that?
Without downloading anything the MB figure under Received increases slowly while the Local IP increases constantly one by one; for example
0:0:0:0:1778
0:0:0:0:1779
0:0:0:0:1780
0:0:0:0:1781
0:0:0:0:1782
I can reboot and as soon as I'm online the above process starts to cycle through the Local IP addresses and the Sent and Received figures start to increase.
When I set the option "temporarily deny communication for the process" for ekrn.exe I cannot access the internet.
Can anyone shed light on what is going on, please?
wrathchild
February 7th, 2008, 06:07 PM
I had the same problem with EAV.
Simply...use another rule based firewall (without hard coded rules) and block ekrn.exe only to 89.202.157.130.
Or wait for ESET to remove hard coded rules from ESS and do the same thing ;D
technobeetle
February 22nd, 2008, 07:49 PM
This is strange. I run NOD32 v3 and CFP v3, and Comodo attributes my FlashGet traffic to ekrn.exe
CPF traffic monitor:
197980
Meanwhile, FlashGet:
197981
???
technobeetle
February 22nd, 2008, 08:12 PM
Never mind. Seems ESET is configured to redirect certain traffic through ekrn.exe in order to scan it in real time.
More here: http://www.wilderssecurity.com/showpost.php?p=1124960&postcount=17
And here: http://www.wilderssecurity.com/showthread.php?t=192730
ASpace
February 23rd, 2008, 04:42 AM
-{ Quote: "I guess another program has downloaded something via http and the traffic was subsequently routed via ekrn" }-
As far as I know 89.202.157.130 is an ESET server -> u20 , no longer used for updates. It is impossible to be ^something else^ downloading from u20.eset.com ... ?
It must be either ESS trying to update or ESS submitting info for ThreatSense.NET ....? But 25 Mbs received is too much ...
Copyright ©2002 - 2012, Wilders Security Forums