Hi,
I tried the beta hoping that this issue:

http://www.sevenforums.com/network-sharing/21353-memory-blocking-while-downloading-large-data-files.html

may be resolved, but I guess I'm out of luck. I have Smart Security installed and when using Internet Download Manager my OS stays up for about 10 GB of download - after that, the system runs out of memory (I have 4 GiB of RAM) and eventually crashes (BSOD).

Has anyone found a solution for that? I don't want to uninstall ESET, my license is valid up to December :/

We all are still anticipating a hotfix to the bug from Microsoft.

why dont kaspersky, vipre and mse have the problem? i can assure you on this pc it's only on smart?

Are you sure that the products you've mentioned take advantage of WFP introduced in Windows Vista? Probably not or they would suffer the same problem.

ah! i see

bug exists since win vista and still not fixed: i doubt it will fixed in the future.

eset will wait forever for nothing, why don't they change the code that generate the leaks ?

and for other products, i dont see they have this leak, so......

it only happens here on ess and not eav? any reason for that?

-{ Quote: "it only happens here on ess and not eav? any reason for that?" }-

it happens with the antivirus scan http module, so also with eav.

-{ Quote: "Are you sure that the products you've mentioned take advantage of WFP introduced in Windows Vista? Probably not or they would suffer the same problem." }-

Exactly as Marcos stated, this is a Microsoft problem. I have seen it discussed on the TechNet forums and it is a known problem with WFP. They (Microsoft) need to fix it and all of the complaining here isn't going to change that.

Very strange. I use Windows 7 64-bit, and my Eset 4.2 is working just fine :D I haven't experienced memory leak or anything trouble-related during my 2 years as a Eset costumer.

Best regards,

Hagla007

The screenshots in the aforementioned forum don't show a high memory usage for ekrn.exe. If disabling HTTP checking helps, it must be the memory leak caused by a bug in WFP.

Installed the beta at the advice of another thread where I was asking how to stop/restart ekrn.exe every 2 weeks as a way to keep the leak within some limits. The same thing happens, the system has been running for 4 days and ram usage is up from 47MB at startup to 87MB. With a steady climb of some 10MB a day. The farthest I have gotten has been 143MB after 2 weeks. There is possibly, no limit.

Setting HTTP checking to disabled for the duration of the test did not help.

I think ESET should actually take this one seriously and check it out on a system to see if they can reproduce it. There are many antivirus programs out there with HTTP checking and none of them exhibit this behaveiour that the "windows bug" is causing, surely ESET can work around it.

EDIT:

I have installed the 4.0 again and effectively RIPPED EPFWWFPR OUT OF THE PRODUCT. Thanks to ESET's highly modular design, deleting the proper files, registry keys, and uninstalling epfwwfpr from device manager resulted in a 100% working antivirus that no longer has the network component, it's not even in the advanced options anymore. It is currently using 44MB RAM, I will post later on how it's going.

-{ Quote: "
Setting HTTP checking to disabled for the duration of the test did not help.
" }-

If so, I'd strongly advise that you generate a complete or at least kernel memory dump from that state and convey it to ESET for perusal (or better let me know here). Instructions for generating dumps are available here (http://kb.eset.com/esetkb/index?page=content&id=SOLN380&actp=search&viewlocale=en_US&searchid=1264538553509).

-{ Quote: "If so, I'd strongly advise that you generate a complete or at least kernel memory dump from that state and convey it to ESET for perusal (or better let me know here). Instructions for generating dumps are available here (http://kb.eset.com/esetkb/index?page=content&id=SOLN380&actp=search&viewlocale=en_US&searchid=1264538553509)." }-

Would a minidump of OOM BSOD be of any use? I have one. I'll also create a kernel dump next time my OS is close to running out of mem...

EDIT: all right, I don't know how that happened because I was sure I tried that before, but it seems like disabling HTTP checking indeed helped in my case. That's the kind of workaround I was hoping for, so thank you for the suggestion!

-{ Quote: "They (Microsoft) need to fix it and all of the complaining here isn't going to change that." }-

We all know that, but why doesn't eset ask Microsoft to fix it?

Obviously Microsoft listen more a company like ESET and not the eset users that complain.

And since this bug is known by a long time, why Eset doesn't find a solution , at least, to avoid the leak?

just asking, i'm not here to create trolling words.

Hello,

Many of ESET's employees are discussing the issue with many of Microsoft's employees, bubu83. It could be that the solution is particularly complex to implement or has other dependencies or unexpected issues associated with it.


Regards,

Aryeh Goretsky

-{ Quote: "We all know that, but why doesn't eset ask Microsoft to fix it?

Obviously Microsoft listen more a company like ESET and not the eset users that complain.

And since this bug is known by a long time, why Eset doesn't find a solution , at least, to avoid the leak?

just asking, i'm not here to create trolling words." }-

I agree, but Microsoft does things on their own timeline. If it's not a security hole, they may take a good long time about it. Someone would have to make a big embarrassing public stink about to get them to give it priority.

I think it would be a good idea to somehow inform users about the problem in the Smart Security configuration. Maybe a warning when a user tries to enable HTTP checking on affected OS without a hotfix (when there's one) installed? I think it would be beneficial for ESET, since as you can see when problems appear after SS is installed, people blame ESET, not Microsoft.

I will probably generate one later on. I have 7MB of RAM and a memory dump will take forever not to mention I have no idea how to submit something of that size to ESET. I just want to report that in the last 12 hours ekrn climbed 3.5MB so the behaveior seems to STILL be there. This may be of some help to the ESET developers since the firewall driver is NOWHERE on the machine right now and thus not loaded into ESET yet the activity continues.

-{ Quote: "I just want to report that in the last 12 hours ekrn climbed 3.5MB so the behaveior seems to STILL be there." }-

A difference of 3,5 MB in memory consumption is negligible and is normal. If it grows significantly (over 80-100 MB), let me know and I'll PM you a location to upload the dump (perhaps a process dump that can be created from within the task manager would be enough).

Then I'm afraid you will have to wait for a week until ekrn has grown considerably in size and I can provide a meaningful dump.

-{ Quote: "Then I'm afraid you will have to wait for a week until ekrn has grown considerably in size and I can provide a meaningful dump." }-

i dont understand if you are speaking about the leak created by the faulty bug "eset http scan / microsoft win7/vista ".
if yes, just enable hhtp and do a huge download and watch in the performance tab of task manager the kernel memory NonPaged raise to the limit!
to resolve Untick "enable http checking" in the eset configuration. then you will see a orange icon in the protection status window.

Then just use a good internet browser that prevent you to download viruses and brothers until Eset/Microsoft resolve this annoying bug.

-{ Quote: "i dont understand if you are speaking about the leak created by the faulty bug "eset http scan / microsoft win7/vista ".
if yes, just enable hhtp and do a huge download and watch in the performance tab of task manager the kernel memory NonPaged raise to the limit!
to resolve Untick "enable http checking" in the eset configuration. then you will see a orange icon in the protection status window.

Then just use a good internet browser that prevent you to download viruses and brothers until Eset/Microsoft resolve this annoying bug." }-
That isn't happening. What's happening is that ekrn keeps climbing about 5 MB a day regardless of what I do and it has no limit, it will go up and up for as long as it's running.

Re. a fix for the issue with WFP, a guy from MS has recently posted the following in the MSDN forum:

-{ Quote: "Current plans has this as a February release. Once the package has been released, I'll post a link to the fix's location.

Hope this helps
Dusty Harper
Microsoft Corporation" }-

Is that a release on microsoft's site or windows update? Either way I've seen AV installers include KB files, mainly C++ redistributables, ESET could include their update in the antivirus installer right?

And there's (http://support.microsoft.com/kb/979223)Microsoft's hotfix.

ok downloading it now.

-{ Quote: "And there's (http://support.microsoft.com/kb/979223)Microsoft's hotfix." }-

sorry where is the link for x64?

Hello,

You may need to click on the "① Show hotfixes for all platforms and languages" link to see all of the avaialble versions of the patch.

Regards,

Aryeh Goretsky

-{ Quote: "Hello,

You may need to click on the "① Show hotfixes for all platforms and languages" link to see all of the avaialble versions of the patch.

Regards,

Aryeh Goretsky" }-

thanks you so much... :)

next question does it work ????

Hello,

Testing is ongoing, but so far it appears the issue is resolved. The nature of the issue requires downloading large amounts of data to exercise the bug in WFP, so so additional time is required for validation.

Regards,

Aryeh Goretsky

-{ Quote: "next question does it work ????" }-

Does seem to be working. However I've the case where mem stayed stable then suddenly started too disappear after a day. Still running.