100% CPU Usage

Discussion in 'ESET NOD32 Antivirus' started by Daegalus, Apr 25, 2008.

Thread Status:
Not open for further replies.
  1. ASpace

    ASpace Guest

    Yes. I am not posting if I am not sure, right :p :D :thumb:
     
  2. ram130

    ram130 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    29
    Location:
    Jamaica
    I used to love v2 because it made BitDefender look like crap, and AVG. Things were good until I went to v3, then it happened: never touched the settings, just saw the high CPU. Never knew it was the "unwanted applications option" in setup that was causing it, and the Advanced heuristics (makes it not seem that advanced). Anyway, I was willing to work with NOD32 and find a solution, but its threat detection is not as good as it used to be. I mean, I looked at a thumb drive virus in my face and NOD did nothing; Avira did something to protect me. Fix the issues please, and stop making it seem there's no problem with your software.
     
  3. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    if you say so :D :cool:

    Joke aside, I think that ESET should optimize their AH on access... that feature is the only new feature worth upgrading (from my point of view), but when you enable it you get an unusable OS :thumbd: ... with AH on access enabled, EAV acts almost just like a virus (in terms of OS usability) ;)
     
    Last edited: Oct 1, 2008
  4. ASpace

    ASpace Guest

    I respect your opinion, but instead of enabling AH for on-access, why don't you install ESET Smart Security and use its firewall to increase the protection level of your machine :rolleyes: AH by default is really enough. I have only once come across a case where AH for on-access was handy to be on.
     
  5. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Because of hard coded rules and undefined (not clarified) options and rules priority.
    I had the intention to switch to ESS, but many concrete questions related to the firewall haven't been answered, and because of that I don't have enough trust in the firewall which is in ESS.
     
    Last edited: Oct 1, 2008
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Marcos, I have NOD on this computer (XP Pro) and Advanced Heuristics are on all the time. Very, very seldom do I have a problem. But I tried it on two other computers and it would not work. There is a problem and it doesn't seem that Eset cares.
     
  7. ASpace

    ASpace Guest

    As for the so-called hard-coded rules, you can disable them completely if you want to - any of them.


    rzESS.png

    drdisable.png


    What concerns you in the "rules priority"?
     
  8. loyukfai

    loyukfai Registered Member

    Joined:
    May 10, 2008
    Posts:
    105
    It seems that ESET has concluded that the reason for this behaviour is by design. (and possibly a mix of user-enabled options...?)

    So, I think many will appreciate it if Marcos or ESET will post a definitive and comprehensive reply, or make the information available in the knowledge base about this matter. A 10-page thread is probably not something everybody wants to go through in order to find the solution.

    Besides, please don't hijack the thread and post irrelevant matters. After all, this is an official support forum, not your personal blog or whatsoever.

    Thanks to Marcos and everybody who's contributed.
     
  9. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Thanks for your effort, but I tried this a long time ago and you can disable some of them but not all... that's the thing I don't like.

    And for rules priority, look at these threads:

    https://www.wilderssecurity.com/showthread.php?t=191904
    https://www.wilderssecurity.com/showthread.php?t=220282

    ...there's no concrete clarification which rule is more "specific".
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Some of you here have reported problems with certain avi files when ekrn was consuming too much cpu resources when scanning them. The files were unfortunately so large that you could not submit or upload them. Anyone having a problem with high cpu usage when scanning avi files, please drop me a PM and I'll send you a tool that will help us pinpoint the issue.
     
  11. jovball

    jovball Registered Member

    Joined:
    Oct 2, 2008
    Posts:
    7
    One of the reasons I switched to NOD32 about two years ago was the low resource usage compared to other AV programs.

    I've had intermittent problems over the last six months with NOD32 and went back to version 2 on one computer as a result. Currently I have a dual-core, dual-processor Opteron box running Vista x64 with 4 GB of RAM. I am using version 3.0.672. It was fine until the last week or so and suddenly ekrn is running at very high percentages, often above 50% and sometimes above 60%. Let me tell you, it takes something to push this box that hard.

    I've added exceptions to the datastore as recommended in an earlier post in this thread and it hasn't helped. At the moment, I have three programs open and am not doing anything with them. Visual Studio 2008, MS SQL Server Management Studio and Mozilla Thunderbird. Ekrn is using 40% of CPU.

    Any suggestions would be appreciated. I will either solve this problem in the next few days or be looking for another product. I'm tired of fighting with it.
     
  12. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Well, I see this problem is still around months later. I went to open Firefox on my laptop and the laptop slowed to a crawl, preventing me from doing anything. Ekrn was using 50-90% of the CPU. XP Pro SP3, 2GB RAM. Back in Nov 07 I reported this type of problem. Now I am wondering if this is the reason I am having similar lock-ups on other computers here, as they too have v3 installed.


    Virus signature database: 3490 (20081002)
    Update module: 1024 (20080514)
    Antivirus and antispyware scanner module: 1153 (20081001)
    Advanced heuristics module: 1076 (20080917)
    Archive support module: 1082 (20080911)
    Cleaner module: 1032 (20080724)
    Anti-Stealth support module: 1002 (20080723)
     
  13. ram130

    ram130 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    29
    Location:
    Jamaica
    I think the answer is pretty obvious. I think we all know what needs to be done. So let's do our jobs. :blink:
     
  14. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Other than going back to version 2.7 of NOD32 on the computers that are experiencing total system lockups, is there a FAQ for those of us running NOD32 antivirus and experiencing this problem? This thread is over 10 pages long and it is hard to sift through the chaff to find the information.
     
  15. loyukfai

    loyukfai Registered Member

    Joined:
    May 10, 2008
    Posts:
    105
  16. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    In my case one of the computers is experiencing lockups so severely that I can do nothing. ALT-CTL-DEL does not do anything. I have to wait until the lockup ends, which may be 30s or so.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If the problem with high cpu utilization occurs with default settings, try setting the real-time protection to scan files with default extensions instead of all files. If that helps, re-enable scanning of all files and use Process Monitor to find out what files are actually scanned. If the problem occurs with avi / log files, please let me know, we'll try to figure out the root of the problem with your assistance.
     
  18. ram130

    ram130 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    29
    Location:
    Jamaica
    here we go again.
     
  19. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I've mainly been working on Vista PCs and never really noticed this problem until using my XP rig recently, and it has been a complete nightmare. I've always stayed faithful to ESET for many reasons, but this one reason is making me change out of frustration. I'm sorry, but the ThreatSense technology seems totally broken. Here's what I'm talking about:

    Firstly, my exclusions are taking no effect at all, as you can see, not only have I excluded entire ESET folders, but also the extensions, yet they are still scanned, fail.

    http://img411.imageshack.us/img411/4279/wtfuf4.jpg

    Secondly, this picture is taken from about a 20 second gap, so all these events happened in 20 seconds, can you explain to me why you would find it necessary to scan aoe2_x1 100 times when I haven't interacted with it in any way? I have no idea what it's doing to steam, but I only just booted that up. To summarize, this seems like an awful lot of events in such a short period of time, and scanning random things I have interacted with in no way is ridiculous, and to be honest, I'm kind of concerned what effect this is having on my hard drive, never mind the CPU.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Excluding files doesn't mean that access to them will be blocked automatically (e.g. adding ekrn.exe to the exclusion list wouldn't cause the kernel service to stop working because of denied access). This is what you are referring to; the ndb file is never scanned, it's only accessed for some reason and thus excluding it won't make any difference.


    Try uninstalling EAV and re-run the test again with everything included in logging. You'll be surprised by the result. On my Vista with NO EAV/ESS installed, the system or running programs opened 5900 files in 25 seconds.
     
  21. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Changing to default extensions did not in my case. I am unable to bring up task manager usually or do any keyboard or mouse input when this occurs. I have to wait it out.
     
  22. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076

    I guess I didn't make it clear, this is an ekrn.exe filter, not a global filter. But I guess you are referring to prefetch/Vista services, which isn't what we are debating here.
     
  23. ram130

    ram130 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    29
    Location:
    Jamaica

    I think you should put ".log .ndb .theme .txt" rather than without the full stop '.', because I don't think ESET knows it's an extension when you put it like that.

    try it...
     
  24. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Haven't tried it, but I'm sure Marcos would have pointed that out if it didn't work.

    I do have a theory though. Working on an XP machine the other day I had yet another high CPU usage spike, and I noticed that disabling antivirus and firewall does not stop the CPU usage, which led me to assume it first finishes scanning an object before shutting down. Now this spike lasted almost 3-5 minutes, and if it was just 1 file, it must have been pretty big. Now for the theory:

    I use a fake disk (ramdisk) for temporary files; these include: Browser Cache, Windows TEMP dir & other programs' cache. It's about 512MB in size and I have, in the past, noticed errors from nod32's scrolling scan log about files being too big to open because the drive didn't have enough space (or something similar). These files were usually skipped and I never really paid any notice.

    I use this to keep disk I/O to a minimum basically, and was wondering if threatsense is struggling not understanding this, thus creating the high CPU usage?

    Note: I have this also on my Vista machine, but the ramdisk has around a gig in size, so maybe that's why it's not affected.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Could you please run Process Monitor when this occurs and check what file operations are being performed by ekrn.exe at the moment?
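
The check requested in posts 17 and 25 (which files ekrn.exe actually touches, and whether they are read or only opened, as post 20 distinguishes) can be run over a Process Monitor CSV export. The following is an added example, not part of the thread and not an ESET tool; the sample rows, the paths and the `Length:` field format in the Detail column are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the column layout of a Process Monitor CSV export.
# Paths and values are made up. For a real export, read the file with
# open(path, newline="", encoding="utf-8-sig").
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000001","ekrn.exe","1200","CreateFile","C:\Games\aoe2_x1.exe","SUCCESS","Desired Access: Generic Read"
"10:15:01.0000002","ekrn.exe","1200","ReadFile","C:\Games\aoe2_x1.exe","SUCCESS","Offset: 0, Length: 65,536, Priority: Normal"
"10:15:01.0000003","ekrn.exe","1200","ReadFile","C:\Games\aoe2_x1.exe","SUCCESS","Offset: 65,536, Length: 65,536"
"10:15:01.0000004","ekrn.exe","1200","CloseFile","C:\Games\aoe2_x1.exe","SUCCESS",""
"10:15:02.0000001","ekrn.exe","1200","CreateFile","C:\Video\clip.avi","SUCCESS","Desired Access: Generic Read"
"10:15:02.0000002","ekrn.exe","1200","ReadFile","C:\Video\clip.avi","SUCCESS","Offset: 0, Length: 1,048,576"
"10:15:03.0000001","ekrn.exe","1200","CreateFile","C:\Data\cache.ndb","SUCCESS","Desired Access: Read Attributes"
"10:15:03.0000002","ekrn.exe","1200","CloseFile","C:\Data\cache.ndb","SUCCESS",""
"10:15:03.0000003","firefox.exe","3400","ReadFile","C:\Video\clip.avi","SUCCESS","Offset: 0, Length: 4,096"
'''

# Assumed Detail format for ReadFile rows: "Offset: N, Length: N[, ...]"
LENGTH_RE = re.compile(r"Length:\s*([\d,]+)")

def summarize(csv_text, process="ekrn.exe"):
    """Per-path event count, read count and bytes read for one process."""
    stats = defaultdict(lambda: {"events": 0, "reads": 0, "bytes_read": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue  # ignore every other process in the capture
        entry = stats[row["Path"]]
        entry["events"] += 1
        if row["Operation"] == "ReadFile":
            entry["reads"] += 1
            match = LENGTH_RE.search(row["Detail"])
            if match:  # strip thousands separators before converting
                entry["bytes_read"] += int(match.group(1).replace(",", ""))
    return dict(stats)

def heaviest(stats, top=5):
    """Paths ordered by bytes read, then by number of events."""
    key = lambda item: (item[1]["bytes_read"], item[1]["events"])
    return sorted(stats.items(), key=key, reverse=True)[:top]

def opened_not_read(stats):
    """Paths the process touched without reading any content."""
    return sorted(path for path, s in stats.items() if s["reads"] == 0)

if __name__ == "__main__":
    result = summarize(SAMPLE_CSV)
    for path, s in heaviest(result):
        print(f'{s["bytes_read"]:>10} bytes  {s["events"]:>3} events  {path}')
    print("opened but never read:", opened_not_read(result))
```

Files with many events but no reads are being opened or queried rather than scanned, so an exclusion for them would not be expected to change CPU load.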
     