100% CPU Usage

Discussion in 'ESET NOD32 Antivirus' started by Daegalus, Apr 25, 2008.

Thread Status:
Not open for further replies.
  1. adamlau

    adamlau Registered Member

    Joined:
    Sep 23, 2006
    Posts:
    11
    I have four licenses, just thought I might add that I too have been experiencing high CPU useage with max options :'( . Unticked runtime packers for newly created and modified files, let's see how it goes for the next few weeks :blink: ...
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Default settings provide the best balance between system performance and detection. Since advanced heuristics and runtime packers are enabled for newly created/modified files, you are protected against threats that would be detected by AH/RTP. Also files run at system startup are rescanned automatically after each update and you can also schedule background scans.
    The new version that is being developed will display a warning when enabling non-default options that may have adverse effect on the system performance:
     

    Attached Files:

  3. Roadkil

    Roadkil Registered Member

    Joined:
    Oct 22, 2007
    Posts:
    52
    Location:
    USA
    So instead of fixing the problem Eset says its a feature that if you enable it
    it will "have adverse effects on your computer" so they might as well put a use at own risk label on it or at least a use at own risk if you don't might your cpu being handcuffed until it decides to let it go. I an SO glad that i switched over to Kaspersky.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Kaspersky doesn't have that feature, what makes you so glad? It's the same as having NOD32 with it off. :rolleyes:
     
  5. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    Doesn't? Do you know that for a fact? I could swear that when I tested the latest beta version, that I saw it there. I could be wrong, so I will reinstall it in a virtual machine to check it out better. But, I'm pretty much sure that it has that feature.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Advanced heuristics, as a complex code emulator, is a proprietary technology developped by ESET and no other 3rd party program uses it.
     
  7. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon



    Hello Marcos,


    Options not resolve 100% CPU erkn.exe usage.


    working fix emulate AH methods? Timing excess emulate stop freezing and dumping erkn.exe usage 100% cpu?


    Some options to consider.



    Most Regards,

    NF
     
  8. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    All vendors have their own technologies, at least, is what they all claim to have. Not that I am saying you don't, 'cos until a few weeks ago, I was a user of NOD32 3.0, so, I'm in position to say that you do. But what I meant is that Kaspersky and other vendors also (maybe not all) offer advanced heuristics/ agressive heuristics, using for the effect, different techonologies, I guess.

    That's all I said.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Which is basically what 2.7 offered, 3.0 takes it 1 step further, other AV's don't offer these extra features because if they did, they would end up with threads like these. ESET has been driving the train for new AV technologies since the dawn of time.
     
  10. sluk

    sluk Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    2
    My observation to the erkn.exe usage 100% in my XP SP3 system is during new program installation and copying of file with .exe extension. I came back to this forum just because I did a Google search in "erkn.exe 100%" and noticed that this is in fact a very huge problems for the recent release of NOD32, just wonder why ESET can have such a release for production use and leaving all her customers with troubles and unable to provide a solution for such a long period of time! Very disappointed :thumbd:
     
  11. otgkhan

    otgkhan Registered Member

    Joined:
    Nov 13, 2008
    Posts:
    7
    I am actually going to deploy Nod32 Business Edition on 208 Computers. So far I installed the client on 17 computers to test it out and two of them became extremely sluggish as soon as NOD32 was installed. I tracked the problem to Ekern.exe using the CPU at 100% and was really excited to find this form entry with exact same problem as mine.

    Of course, I am disappointed that there is no clear solution listed here for the problem. I followed the steps of turning off different features and, so far, it seems to have helped with one system.

    The other system goes into a frenzy as soon as I start Outlook 2007. I started disabling different features to solve the problem but I have disabled ALL protections (Real Time, Email, and Web Access) and the problem is still there. The only way I can use Outlook 2007 on that computer is if I uninstall NOD32. I tried to run Process Monitor and there is no one file that the kernel tries to read. Instead I think the problem is originating from its continuous queries to ESET registry entries in HKLM. The system calms down if I shut off the Outlook 2007, but that is not a practical solution.

    Seeing that this thread was started over 6 months a go, I hope ESET is close to releasing a fix for this issue. Does anyone know if they are even planning a fix for this problem?
     
  12. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    As you well mentioned, "this thread was started over 6 months ago".

    I won't say that they should, but don't you think that, by now, a fix should already have been released? Or a simple: Hey guys, we're investigating further and as soon as we come out with a solution, we'll let you know about. (6 months have passed and will anyone truly believe that now?)

    Since the very start, and I only joined near the end of the thread, but for what I could read the solutions passed to find out if ekrn.exe was checking some file, disable advanced heuristics, etc., all the advanced features you paid for. Basically, people pay for something that they won't be able to use on it's full power, or they can just uninstall it, just as I did and must say, quite glad that I did it. Would this be the ultimate fix for everyone?

    Clearly, something makes ekrn.exe use 100% of CPU. And what is more amazing is that it is not the same situation with everyone. To some, the cause of such is a certain file, to some, they just need to disable the advanced features they paid for. To many others, none of the solutions above will work.

    So, my guess, if I am not wrong (how can I truly know what is going on?), is that there is more than one cause for the 100% CPU usage. Just one thing is certain - the guilty is nod32.
     
  13. ram130

    ram130 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    29
    Location:
    Jamaica
    frankly yall seem me complaining any more? i have been virus free with ma new anti virus.
     
  14. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Well I already had 3.0.672 on a WinXP SP3 machine whose XP was within the last 3 weeks reinstalled. When I went via FFox 3.0.3 to this SourceForge link to download a utillity http://sourceforge.net/project/down...bootin-windows-299.exe&use_mirror=superb-east my computer locked up. Of course I could not get to task manager since the box was locked tight.

    When I started task manager and reloading the page I was able to see that in fact ekrn.exe was hogging the CPU. This was before I even told Firefox to where on my hard drive save the file to the hard drive! Then I followed Marcos suggestion and disabled Advanced Heuristics and Runtime Packers and the problem did not occur when the above link was reloaded.
     
    Last edited by a moderator: Nov 16, 2008
  15. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I am still having almost daily lock ups on my own XP SP3 machine which was freshly installed XP SP3 a couple of months ago. The latest was when I was on the phone with a client which was embarrassing to say the least.

    The symptoms are that the mouse moves but that is it. The computer will not bring up task manger or respond to any key clicks. I do no know for certain if it is .672 of NOD V3 because I can not get Resource Manager up in time. The lockup may last a minute or 2 during which time my Internet connection to my router closes.

    Have runtime packers disabled in Real Time. Threat sense has Advanced Heuristics and Potentially unsafe applications also disabled.

    Is there any application or procedure that I can follow to find out whether indeed NOD32 is causing this frustrating problem other than uninstalling NOD32?
     
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076

    What I did to discover which files were locking up my system is configure the on-demand "context menu scan" to enable all features. Advanced heuristics, runtime packers etc, that way I could do an entire scan of the system by right clicking the C drive and selecting the nod32 scan. This scanned all the files with these extra features turned on and revealed to me the files that were causing the problem as it crashed in a certain directory. Then again, it might not even be ESET/file related.
     
  17. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,121
    Location:
    Las Vegas
    I was a long time user but got a refund for the security suite some months ago because of 100% CPU usage, and I just installed the newest version of the AV. The first day, no CPU spikes and quiet as it could be. The second day, I had two instances of 100% CPU usage and it literally froze my box for almost ten minutes on both occasions.

    This is the only AV I have ever used with this persistent issue. Clearly, there has not been a "fix" so the only alternative to this is to employ another AV which I have done.
     
  18. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    Same here!

    I even started a thread on the beta board congratulating Eset for no more 100% CPU usage, but it seems I spoked too soon. (Something usual on me.)

    I'm keeping the AV I have right now. Won't even bother to try Eset anymore. For what? Slow downs? Less protection (considering that in some cases people need to disable all the advanced protections)? Thank you, but no, thank you.

    Best regards.
     
  19. Roadkil

    Roadkil Registered Member

    Joined:
    Oct 22, 2007
    Posts:
    52
    Location:
    USA
    i also had the 100% usage. Pretty much eset is saying that "its not a bug its a feature" if you dont might the cpu usage. but if you do mind it your solution is to turn of the AH which is what eset has prided its self on. so i am glad that i have killed eset and have switched over to kaspersky and since have had no 100% usage.
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I'd much rather help improve ESET by actually doing some work and finding out the problematic file, as I did in my case, I found the file, they fixed it. Then I get to stick with the awesome detection rate and performance I love, which is far superior to KAV. Bye.
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,121
    Location:
    Las Vegas
    I installed 2.7 on my XP Pro machine and there have been zero instances of CPU spikes which is just what the doctor ordered. I'll keep this on my machine until something changes. Runs lighter than Avira Premium and Norton- at least on my laptop.
     
  22. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    I tried to solve the 100% issue by monitor erkn.exe with Process Monitor and, honestly, it just gave me a damn headache looking at all what was being shown (and only for ekrn.exe, which I set with a filter).

    At the moment, I am not experiencing any 100% usage, at all. I didn't exclude any file or files that I could see through Process Monitor, because as I said, it gave me a damn headache.

    What did I do? No, I did not disable advanced heuristics and runtime packers. I excluded all my other security apps (link scanner + antispyware + firewall) from being monitored by NOD32.

    Maybe you all could try that!

    Now, a final suggestion for Eset:

    Either a bug or "adverse effect on the system performance" or whatever you guys wish to call it, why don't you just implement a control mechanism to NOD32 AV and ESS to control the high CPU usage? Is it possible? If so, then whenever that control mechanism notices ekrn.exe using more CPU than it should, it will lower the CPU usage by it.

    It could be done, right?

    Best regards
     
  23. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    See the security programs you excluded, do they run any real time applications?

    edit: To expand on that, it's quite possible for two real time applications to crash into each other, as most will scan anything being accessed, if a file is accessed by one scanner, the other scanner scans it, which can make the original scanner scan it again etc and it can potentially create a loop.
     
  24. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    I guess I talked too soon. I thought that excluding such security apps from being scanned by NOD32 would fix it, but it didn't. Well, it did. But, I had to format my system and nod32 started going crazy again, even with my security apps excluded.

    There's nothing new in the system that wasn't here before. There are actually some apps that I needed no longer and that I didn't install. Maybe that's what causes the 100% CPU usage now, lack of apps, which Nod32 loves them so much and it's getting angry at me? :D

    Well, I'm leaving Eset, again, but this time for good. I tried a few times, but couldn't work it out. No one can blame no one from not being able to sort things out. Should a user be even trying to solve this problem, that Eset has not been able to solve (as in finding out what is causing this?).

    Ok, fine, it is a feature that if enabled will cause high CPU usage. Why exist in the first place? Why didn't this occured in the first NOD32 3.0 (3.0.669.0) version that I used, when I first started using NOD32?

    If indeed the problem is the usage of advanced heuristics, for example, don't you think that the 100% CPU usage would always be there?

    I really brought my self into a daily craziness scenario trying to solve this damn thing, but as I said, I couldn't, so... I'll go back again to the av I was using, which allows me to use advanced settings with no slow downs at all.

    I was happy when version 4 beta came out, 'cos I thought it would solve this problem out. The only thing new is a warning that if we enable advanced heuristics we'll get a slow system.

    So, we will get a slow system, still Advanced Heuristics is still part of Eset's products, for those maniacs who enjoy having an 100% slow system? Right. Makes sense, I guess.

    I first started to use NOD32 (version 3.0.669.0) because a friend told me it was light on resources and had very great reviews. Well, the first time I used it was light, but as soon as I upgraded it, well, you already know what happened.

    And I've only been with Eset since this version. I now know about people who have always been a supporter of NOD32 and has been having this problem since quite a few months.

    The people complaining here are just a small sample of whats happening. So, do we all have to sort things out? Do we all have in our systems conflicting situations? Or are Eset who's going down the drain? Either with performance and detection? Sorry to say this, but lately, it is what I am seeing.

    Seeing to all this, one can only conclude - Eset was great once, but nothing lasts forever and your time is over for now. Maybe one day you'll return, just as happened with Symantec.

    I wish the best of lucks to Eset and that you do sort this out.

    Best regards
     
  25. puma_one

    puma_one Registered Member

    Joined:
    Sep 25, 2008
    Posts:
    67
    Is there anyone here who sended a report done with sysinspector to Eset to find the cause(s) of the 100% CPU ?
     
    Last edited: Dec 22, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.