ekrn.exe randombly jumps to 100% CPU Usage and stays there until killed

As topic.

Runtime packers and advanced heuristics disabled in real time protection.

 

Just want clear things up:
- when you say randomly, do you mean truly random, such as when doing absolutely nothing? or, say, just only when you open a folder, sometimes you encounter the problem, sometimes not?
- "Runtime packers and advanced heuristics disabled in real time protection", do you mean the settings for the newly created and modified files or the one in the ThreatSense engine parameter setup (I'm assuming you're using NOD32 Antivirus RC1)?

Regards

 

same thing happens to me...happens at boot quite often...im using ESS RC1..

i just kill it and the new ekrn.exe doesnt consume too much

 

Happens to me every so often, Using ESS on XP SP3, After ending the ekrn process (after logging in from computer boot) it restarts before I can even tell it quit and then explorer and everything else shows up right away. This is actually a bit worse than the beta 2 problem with it hanging on startup cause it would sort itself out after a while... this didn't after 5 hours

 

I've had the same thing; so much so that I had uninstalled ESS and went back to NOD32, which didn't last very long. I unstalled it after it was updated and reinstalled ESS RC1. I love this program! Can't wait till it comes out of beta! I'm sure it will be awesome!

Along those same lines, is there any info with instructions as to how to set the default settings when scanning and also setting up. TIA for the help!

Lyla

 

Sorry for the lack of information, I was a bit rushed (hence randombly ).

It seems random but I think it only happens when I'm using the PC, and the only reason I notice it is because my system is bogged down. It may be caused by doing something specific, but I have no idea what.

Also runtime packers and advanced heuristics are disabled in the "ThreastSense engine parameter setup" page of the "Real-time file system protection" section and are enabled in the "Additional ThreatSense parameters for newly created and modified files" box in the "Real-time file system protection" section. I don't see why this should matter though, even if ESS is scanning with runtime packers and advanced heuristics enabled CPU shouldn't stay at 100% for hours unless something is actually broken.

Using ESS RC1 on XP SP3 (beta)

 

Vague aren't we (cheers ). Regardless, having ruled-out the usual suspect, we'll have to do it the old-fashion way: uncheck each of the options in the ThreatSense engine parameter setup -> Options, starting from the bottom. Uncheck one and click OK / close the setup window and see if there is an improvement. Whether there is an improvement or not, please post back.

Also, after your machine boots-up and you log in, without doing anything (except opening task manager / process explorer), check whether ekrn is still hogging the CPU or not. If not, keep task manager / process explorer open, and do something (or your usual thing ). The first sign ekrn hogs the CPU and doesn't seem to ease up, post what it was you did for it to happen.

Regards

 

I might have fixed this myself by accident (for me anyway) I updated my video card drivers (Forceware 162.18 to 163.71) and with the last two restarts it's worked perfectly fine and no stalling at all

 

Okay I just experienced another spike (first time in 2 or 3 days I think) just minutes ago and had a look in process explorer.

I'm not sure exactly what to look for but the threads section for ekrn.exe's properties caught my eye. A thread with a start address of kernel32.dll!CreateThread+0x22 is using all the CPU and has a CSwitch Delta of around 700 (not sure what that means, but everything else is high teens or 0).

Hope that was a bit more specific

I'll try the suggestions in your post and see if I can't provide a bit more info next time.

Cheers.

 

wokeeeyyy.... the kind of detail I was looking for was what were you doing at that time; the info from the process explorer would probably be helpful to ESET staff/developers, though. I'm still banking on the Advanced heuristics (and other such settings) in the ThreatSense parameter setup under the Real-time file system protection.

Here are some things you should keep in mind when you encounter the problem:
- Where you opening a folder, either thru explorer or a program? Folders that contain a number of executables and/or compressed files tend to keep ekrn busy, especially when you set the real-time protection to paranoid ..err.. maximum.
- Are you running an application? If so, what where you doing with the program (ie, saving/opening a file, viewing online help, etc.).
- If your doing "nothing", with no running programs, check your memory-resident programs, such as those with icons appearing at the right of the taskbar besides the clock. Also check for running programs that have no interface/GUI, such as the windows update.

I'm sure there are a lot more, but I'm sleepy so I hope you get what I mean: try to remember what you (or computer) are doing. Chances are that it is not the AV's fault (except for not yet being optimized ...I think) and only reacting to an event.

Regards.

 

The same thing happens to me, only it happens really random, I don't know what causes it but it happens. My settings are all default so It's not that I've changed something that could be causing this.
I kill the service and when it starts back up everything runs fine.

 

I noticed it today. Under Vista 32 bit. It happened after boot and update.
Disabling all security functions did not help. Killing the process: it restarted automatically: diabled functions were enabled again (exception was the antispam module remaining disabled).
And the CPU usage is gone.
I'll wait for the next occurence.

 

Try disabling Scan On: File Open

When I have that checked, opening the advanced setup menu (for example) causes 100% CPU and also on other ocasions. Unchecked, all good. I have it disabled for the time being because I know my system is 100% clean.

Also, try placing your GUI in standard mode instead of advanced.

I'm using XP SP2 with all updates.

 

I have changed nothing and today there was no problem.

 

Oh, I actually have no interest in fixing this, if it becomes too annoying I will just uninstall it. My only interest is in diagnosing this problem as much as is convenient for me for the purposes of informing the ESS developers. But thanks for your interest

On your point of it "not [being] the AV's fault ... [and the AV] only reacting to an event"; to me if this is the case then I would say that there is actually a problem with the AV as I'm not doing anything out of the ordinary and my AV shouldn't need working around at all.

Cheers.

 

same is happening to me :

https://www.wilderssecurity.com/showthread.php?t=187833

ekrn.exe is doing something with port 360606 causing cpu to jump ?

 

I'm using ESS RC1 on WinXPSP2 fully updated.

Having the same problem, with an additional error from drwatson.

Any help?

 

Had this myself today on one of two machines. XP Pro/SP2, wireless network. Only occurred the once this morning, fine since...

 

It happens here too. And even quiet often.
The process ekrn cannot be killed here either. Not even with ps-tools.

Hope this will be fixed soon.

 

I just installed ESS on an XP SP2 yesterday and it is working well, unlike my Win2K test drone. I can force high CPU usage on ekrn and egui by simply enabling Protection Status => Personal Firewall which displays network connections. It's not constant but fluctuates. Also spikes alternate between ekrn and egui. I don't have to kill anything, just select another screen and CPU drops back to normal low.

 

With regard to the behavior I refer to in my posts (not the same as GaryRW) it still occurs frequently and will even occur prior to logging in just following a fresh boot (I know this because the login screen is sluggish).

Here is a the stack for the offending thread:

Code:

ntoskrnl.exe!KiDispatchInterrupt+0x7f
ntoskrnl.exe!NtDeleteAtom+0x665
ntdll.dll!KiFastSystemCallRet
ekrnAmon.dll+0x35e3
kernel32.dll!GetModuleFileNameA+0x1b4