ekrn.exe Process Hog - ZenWorks?

Discussion in 'ESET NOD32 Antivirus' started by LucasS01, May 25, 2010.

Thread Status:
Not open for further replies.
  1. LucasS01

    LucasS01 Registered Member

    Joined: May 25, 2010 | Posts: 3 | Location: MA

    Hello Everyone,

    I manage a network of about 80 workstations (Windows XP SP3) running the Novell Client (For eDirectory Authentication); I recently began a ZenWorks deployment, and have noticed that ekrn.exe has begun to go crazy - and take all the system resources on those machines. I saw a post earlier by edwin3333, that stated some exclusions needed to be added for NOD32 v4 but there was no explanation. We are running a mixed environment of v3 and v4 - and I am experiencing this behavior on both.

    I've always been pleased with performance from NOD32 in the past; are there any suggestions as to make ekrn.exe not work as hard?

    Thanks.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002 | Posts: 14,374

    If you use default settings, check the statistics for the last file scanned by real-time protection. If a particular file is scanned repeatedly, try adding it to the exclusion list. You can also find out which files are currently scanned by using Process Monitor from Microsoft and filtering file operations for ekrn.exe.
     
  3. LucasS01

    LucasS01 Registered Member

    Joined: May 25, 2010 | Posts: 3 | Location: MA

    Marcos,

    Thank you for the reply.

    I looked at the statistics screen and to me it doesn't show that it's repeating any one file, although it is constantly scanning files. I ran the Process Monitor and ekrn is flooding it with files in "c:\windows\temp\", all with varying names starting with NOD***.tmp (* wildcard); these files are all about 25MB each.

    What I have done so far is add an exclusion rule for c:\Program Files\Novell\ZenWorks\*.* to ensure it's nothing in that folder causing the issue.

    Is there a way to tell NOD32 to exclude activity by a given process? I did not see anything in the options (may have missed it).

    Thanks;
     
  4. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002 | Posts: 14,374

    Those nod*.tmp files are created when scanning archives. Are those files created even after disabling self-extracting archives in the real-time protection setup?
     
  5. LucasS01

    LucasS01 Registered Member

    Joined: May 25, 2010 | Posts: 3 | Location: MA

    Marcos,

    I disabled self-extracting archives per your suggestion and I am still having the same issue. I've even tried disabling the real-time scanning and it doesn't stop. It does seem to calm down after a couple of hours and the computer becomes usable again; but throughout the day hiccups begin occurring again.
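
Added example, not part of the thread and not code from any poster or from ESET: one way to summarize a Process Monitor CSV export for the ekrn.exe filter suggested above, counting file operations per directory and folding the changing NOD*.tmp names into one pattern, so that a flood like the one reported in c:\windows\temp stands out even though no single file repeats. The sample rows, the ZenWorks file name and the registry key are constructed; the column names are assumed to be Process Monitor's default CSV columns.

```python
import csv
import io
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample rows in the column layout of a Process Monitor CSV export.
# The ZenWorks file name and the registry key are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:00.1","ekrn.exe","1200","CreateFile","C:\WINDOWS\Temp\NOD1A2.tmp","SUCCESS",""
"10:01:00.2","ekrn.exe","1200","WriteFile","C:\WINDOWS\Temp\NOD1A2.tmp","SUCCESS",""
"10:01:00.3","ekrn.exe","1200","CreateFile","C:\WINDOWS\Temp\NOD3B4.tmp","SUCCESS",""
"10:01:00.4","ekrn.exe","1200","WriteFile","C:\WINDOWS\Temp\NOD3B4.tmp","SUCCESS",""
"10:01:00.5","ekrn.exe","1200","CreateFile","C:\WINDOWS\Temp\NOD5C6.tmp","SUCCESS",""
"10:01:00.6","ekrn.exe","1200","ReadFile","C:\Program Files\Novell\ZenWorks\example.dat","SUCCESS",""
"10:01:00.7","explorer.exe","900","ReadFile","C:\WINDOWS\explorer.exe","SUCCESS",""
"10:01:00.8","ekrn.exe","1200","RegOpenKey","HKLM\Software\Example","SUCCESS",""
'''

FILE_OPS = {"CreateFile", "ReadFile", "WriteFile"}    # file operations counted here
SCRATCH = re.compile(r"^nod.*\.tmp$", re.IGNORECASE)  # the NOD*.tmp names from the thread


def summarize(csv_text, process="ekrn.exe"):
    """Count one process's file operations per directory and per file pattern."""
    by_dir, by_file = Counter(), Counter()
    # Drop a UTF-8 byte-order mark if the export starts with one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Operation"] not in FILE_OPS:
            continue
        path = PureWindowsPath(row["Path"])
        # Collapse the ever-changing scratch names into one pattern so they add up.
        name = "NOD*.tmp" if SCRATCH.match(path.name) else path.name
        by_dir[str(path.parent).lower()] += 1
        by_file[str(path.parent / name).lower()] += 1
    return by_dir, by_file


if __name__ == "__main__":
    dirs, files = summarize(SAMPLE_CSV)
    for label, counter in (("directory", dirs), ("file pattern", files)):
        for item, count in counter.most_common(3):
            print(f"{count:5d}  {label}: {item}")
```

For a real capture, pass the text of the exported CSV file to `summarize` in place of `SAMPLE_CSV`.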
     