100% CPU Usage

Discussion in 'ESET NOD32 Antivirus' started by Daegalus, Apr 25, 2008.

Thread Status:
Not open for further replies.
  1. Workin4God
    Offline

    Workin4God Registered Member

    I have the same issue with XP SP2. I have Eset installed on 45 workstations, and only one of them has this resource hog. Every morning when it is started, 99-100% system resources taken up for 6-10 minutes. However, when I reboot during this Ekrn problem, it works perfectly. I have uninstalled it, cleaned up windows files, and reinstalled it. Removed all Adv. Heuristic settings on all sections, and its still the same.
    AMD 3800+
    1.5 GB ram
    XP 32bit SP2 (tried SP3 RC - no difference)
    NOD32 AV 3.0.621



    automatic real-time file protection disabled, and still the same results.
    Last edited: May 2, 2008
  2. Angelico_Payne
    Offline

    Angelico_Payne Registered Member

    I dont know if the problem has been resolved.

    But i am having similar issue with kernel executable going up to 100% load, slowing down system and freezing up programs that are using the files requested e.g.

    The system on which it was tested are clean XP2, XP2 fully patched, and XP3 RTM.

    There is more then noticable speed up of system after nod32 is deinstalled.

    When applications are addded, the most affected program is WinRAR, and I notice that arhives are the most problematic, when accessed, and unpacked.

    Nod32 Antivirus version is 3.0.650.x Buisness edition.

    I perform the installation of nod32 unattended trough guirunonce, and then copy over updates into installation dir, and then import registry keys to set it up properly.

    Any workaround or suggestion?
  3. JVM
    Offline

    JVM Registered Member

    According to what I saw on Eset's website, the version 3 antivirus software is not listed for 64-bit Vista, or 64-bit XP, only 32-bit. Version 2.7 is available for 64-bit Vista and XP. This is just the antivirus program and not the suite, which does offer 64-bit software.
  4. piranha
    Offline

    piranha Registered Member

    you didnt look well

    ESS/NOD32 v3 for XP/Vista 64 bit here

    http://www.eset.com/download/home-64bit.php

    the link for the page above for 64 bits english version is just between v3 and v2.7 here. v3 64 bit version is available also in french, spanish, dutch, romanian.......
    Last edited: May 5, 2008
  5. JVM
    Offline

    JVM Registered Member

    I don't think the page looked that way when I saw it. Maybe they changed the page, don't know, but I did look carefully more than once.
  6. Philippe_FR22
    Offline

    Philippe_FR22 Registered Member

    Hello,
    Did you check svchost.exe in advanced configuration tab (web browser configuration) and proactive protection or not ?
    Regards
  7. DSM
    Offline

    DSM Registered Member

    I've just recently installed NOD32 AV and I'm experiencing this same issue. In my case I've been able to narrow it down to what appears to be an incompatibility with PC Tool's Spyware Doctor application, specifically if Spyware Doctor's "File Guard" option is turned on. Turning that option off seems to make the 100% CPU problem go away.

    Unfortunately it appears that there are other incompatibilities between these two apps as well, but I'm still in the process of finding what they are. For now, all I can say is DON'T plug in an external USB drive if these two apps are active, it will totally lock your system up (I've got both a desktop and a laptop that I've confirmed this problem on).

    I've only recently installed these apps after previous products expired this week, so I can't comment on how any previous versions of NOD32 and/or Spyware Doctor may have been different. The problems so far have been very consistent and 100% repeatable on two separate systems, though.

    EDIT: Laptop is P4 (3GHz, 1GB RAM) XP Home SP2. Desktop is P4 (3.2GHz, 2GB RAM) XP MCE SP2
    Last edited: May 7, 2008
  8. DSM
    Offline

    DSM Registered Member

    A quick addendum to my previous post:

    It's not actually maxing the CPU, but the system sure responds as if it is. I decided to risk a bit more testing and was able to confirm that the CPU was not any busier than normal during the severe slowdown that occurs, but all system reactions appear as if it is (15-30 second delay to any actions that will respond at all, other windows totally unresponsive with no updating, etc.). It's as if something is locking up system threads/processes without actually utilizing CPU time to do it.

    I haven't done any further testing on the USB drive connection issue because I have no desire to corrupt my file systems any more than necessary. :)
  9. Bunkhouse Buck
    Offline

    Bunkhouse Buck Registered Member

    Same here, and it caused me to uninstall the program.
  10. weevil
    Offline

    weevil Registered Member

    I've just started having this problem with v3 on a 2003 server. It seems that its harassing volume shadow copy - where or how can i tell it no to touch shadow copy?
  11. loyukfai
    Offline

    loyukfai Registered Member

    I'm having the same problem with both 3.0 and 2.7.

    As you know, it doesn't use up 100%, but will use as much as available.

    In 3.0, it's ekrn.exe. In 2.7 it's svchost.exe, which as I understand, one of the NOD32 module is attached under it.

    Attached is the process explorer capture of running programs.

    Any suggestion to pin-down the issue or solve the problem...?

    View attachment Procexp.txt

    Edit: Sorry, maybe not with 2.7... It seems that Wuaueng.dll (Windows Update) is also causing high CPU usage under svchost.exe... Need more time to figure it out...

    For 3.0 it's definitely ekrn.exe through.
    Last edited: May 10, 2008
  12. freitasm
    Offline

    freitasm Registered Member

    I am running NOD32 Business Edition (3.0.650.0) on a Windows Server 2008 Enterprise.

    If there is any intentisve I/O operation in progress I notice that NOD32 goes to use any spare CPU cycle. Even after the I/O is finished NOD32 continues to use all idle CPU, to the point that IIS7 ASP processor becomes non-responsive and I had to reboot this machne.

    Not good for a machine that's been up for month without rebooting to be rebooted three times in the same week because of security software.

    So for the moment being I will be removing it until we have some more information if it is safe to use again.
  13. edwin3333
    Offline

    edwin3333 Registered Member

    In the last two days I've upgraded 100 of my 600 machines from Nod32 2.7 to 3.0.650. A number of these people are complaining that their machines are becoming unresponsive for extended periods, with ekrn.exe taking a large chunk of the CPU.

    In 2.7 I had ALL the real-time scanner options turned on w/out this problem.

    What are the proper settings for 3.0? I've set them back to default values if you do a new profile in RA. But it's still doing the same thing. The defaults have Advanced heuristics: no (Scanner/file-system filter) as well as under objects, Archives:no runtime packers:no email:no operating memory:no. I had those all on, major CPU issues. Back to default of off, still issues.

    Or is this just the nature of Nod 3.0? This is the reason we moved away from eTrust ITM. :(
  14. davenet
    Offline

    davenet Registered Member

    I also noticed 99% CPU usage by ekrn.exe on a machine I am running at home. I also had CounterSpy running on there. I removed that and immediately the CPU usage went back to normal. I'm going to monitor any other computers I find with this situation to see if maybe a similar program (anti-malware, etc) might be conflicting with NOD32.

    David
  15. piranha
    Offline

    piranha Registered Member

    I read several post here about this 100% CPU usage with v3. I am just a home user and i downgrade to v2.7 mostly for this reason. I think, you guys should do the same and wait until this bug will be fix. V2.7 is really perfect and run very well, you will be still well protect.

    For svchost.exe and v2.7, you may try to disable automatic windowsupdate. Seems that MS change something, i didnt have this problem before with v2.7, just be sure to start your windowsupdate manually when available, as soon as possible.
  16. loyukfai
    Offline

    loyukfai Registered Member

    With regard to the svchost.exe & Windows/Microsoft Update issue, the fix mentioned in the post below worked for me somewhat.

    By somewhat because svchost.exe still eats quite a lot of CPU time while WU/MU runs, but not as much as before.

    http://www.dslreports.com/forum/r20527651-
  17. kem
    Offline

    kem Registered Member

    I just wanted to add my two cents into this thread and say I upgraded my mothers XP SP2 workstation to from 2.7 to 3-0-657 yesterday and I'm experiencing the ekrn.exe 100% cpu usage problem when I try to use Windows update.

    I've read various threads about this issue but no definitive resolution short of reverting to 2.7 or disabling NOD32 from other users or most especially from ESET.

    ESET - What is the scoop on this - is there an official workaround or fix o_O Please post it here.

    As many reports as you have I would expect a knowledge base entry, probably even a FAQ on the knowledgebase page.

    Thanks!
  18. Bakker
    Offline

    Bakker Registered Member

    We have also had an issue with this on one pc so far (currently only 7 pcs have NOD32 3.0 installed).

    In this case it was due to some leftovers of another virus scanner (McAfee). It's "Common Framework" was still installed. Removing this solved the high CPU usage on that PC.
  19. Bakker
    Offline

    Bakker Registered Member

    Scrap that, this did not fix the issue, after 2 reboots it returned to 100% cpu usage on that PC.

    Does anyone know how long 2.7 will be supported? I'd rather install that now and then move to 3.0 in a year or so.
  20. Blackspear
    Offline

    Blackspear Global Moderator

    I know of a couple of instances where excluding Outlook Express .dbx files resolved this issue.

    Cheers :D
  21. piranha
    Offline

    piranha Registered Member


    I did read here that v2.7 will be supported for more than a year
  22. cef1000
    Offline

    cef1000 Registered Member

    I have the same issue and can replicate it everytime. This started all of a sudden. I have no other adware/spyware apps running and have been using NOD32 from 2.7 to 3.x.

    I was having minor problems with my PPC6800 Syncing properly and didn't know exactly why. Was getting dup contacts etc. Turned off everything uninstalled and cleaned up what I needed to and reinstalled. Everything was working fine until the last reboot, which turned NOD32 back on after the install. Then got ekrn.exe bonicng between 98 & 100% utilization and the Windows Mobile device wouldn't sync again. opened up Task Mangler and there's ekrn hogging the world. I disable NOD32 and bang ActiveSync syncs like right now.

    I tested this over and over again going through all the settings I could find to exclude everything I could find to make NOD32 keeps it's mits off my PPC6800 and no way.

    I can watch the Handheld get it's IP address see ActiveSync connect after it does and bang ekrn takes over the world.

    Fully replicatable. What's wackier is that I'v been running 3.x since close to it's release in this same environement and all was god until the reinstall to clean up the duplicate contacts/Sync issue. So this mostly came out of the blue, I even update to the latest release of NOD today and still does the same thing.

    Arrrrgghhhh! Good program - BIG issue !!!!!!!

    I hate the thought of finding a different AV product again.

    I guess I can go back to 2.7 and see if it helps as well, but that shouldn't really be necessary either.

    Windows XP (SP2)/Fully patched, 2 Gig Ram, etc.


    cef1000
  23. Bakker
    Offline

    Bakker Registered Member

    Is there any way to see what NOD is actualy doing while it's CPU usage is so high? I've been seeing it spike a lot on this PC since some update yesterday afternoon, i get hangs in all kinds of programs now (IE, Outlook, Trillian, even a dos prompt) while NOD32 starts taking over both my CPU cores for minutes at a time.
  24. Jules31
    Offline

    Jules31 Registered Member

    Well now, I just posted under the topic "Why doesn't NOD get rid of all this stuff"
    I am a HUGE fan of NOD but:
    I just did a full NOD32 ver3 scan of a computer and it reported no infections.
    I then downloaded and installed Spybot, and caught x42 threats.
    Before running Spybot the computer was running 50-100% processor - and mostly 100% (so the NOD scan took 3 hrs, rather than the 15 minutes or so that it usually takes.)
    Anyhow, after Spybotting the computer the processor usage is now back to normal.
  25. cosmon
    Offline

    cosmon Registered Member

    Hi all,

    I am having the same problem in 1 out of 40 PCs... so far.

    Although i am not sure ekrn.exe is the culprit.

    Here is the status at my one "bad" PC:

    Windows XP SP2 + NOD32 BE 3.0.657.0

    1 - After booting (several times) ekrn.exe is high on cpu (reaches 99% and stays there)

    2 - STOPed "Realtime protection" + "Email Protection" + "Webaccess Protection" on NOD Control Panel

    3 - After a few seconds ekrn.exe goes to 0-3% CPU and SVCHOST.EXE takes over with constant use of 80% CPU

    4 - Using process explorer (great tool) I found the "abusing" thread to be "wuaueng.dll!DLLInstall+0x1c0d0" therefore realted to the "Automatic Updates" service.

    5 - STOPing the "Automatic Updates" service puts the "System Idle Process" back on top!!!

    6 - reSTARTing "Automatic Updates". Brings the problem back.

    7 - STOPing the "Automatic Updates" service and enablig "Realtime protection" + "Email Protection" + "Webaccess Protection" on NOD Control Panel, leaves the system stable after an initial CPU spike caused by the NOD update check.

    I will try to proceed this line of troubleshooting. Any help/comments are apreciated

    Regards

    Pedro Monteiro
    --------------
    Crashless - Servi├žos e Sistemas Inform├íticos, Lda
    pedro.monteiro@crashless.com
    www.crashless.com
Thread Status:
Not open for further replies.