ekrn.exe using 100% CPU

Discussion in 'ESET NOD32 Antivirus' started by darkwings, Mar 21, 2010.

Thread Status:
Not open for further replies.
  1. darkwings

    darkwings Registered Member

    Joined:
    Sep 17, 2007
    Posts:
    3
    Recently I noticed severe performance problems with my PC and discovered that ekrn.exe was using 100% of the CPU. When I hover the mouse over the eset icon in the systray, it says "Startup scan in progress"
    When I open the control panel and go to the Statistics page under Protection status I can see the Scanned object changing which implies that it's indeed scanning.
    The number of clean objects is currently 6691249 and counting (but it also says 100%).
    There is no reason for it to be doing a startup scan. The computer has been up and running for days now. And there's no reason for it to be doing a complete scan as those are specifically scheduled for late at night.

    So....what is it doing? And how can I stop it?

    I am running Windows 7 with all the latest critical updates.
    ESET NOD32 version 4.0.467.0
    The Update page says my virus signature database is up to date.

    Thank you.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Startup scans are crucial as they use slightly more sensitive heuristics to scan files that are loaded / run at system startup. Try editing the startup scan tasks and set them to run when the system is idle instead of disabling them completely.
     
  3. Nasenmann

    Nasenmann Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    7
    I've got the same problem (with the newest 4.2.35).

    I noticed that a Startupscan (which took about 10-15min)
    speeds up without the "Advanced Heuristic"-Option
    -> just 5-10 seconds tooks a startupscan now.


    Leave that thing on is not an option, because starting programs while the computer is scanning is nearly impossible.

    Any comments about the security without that option?
    In the Filescanner it's switched off, too.
    It's just enabled when executing files.
     
  4. darkwings

    darkwings Registered Member

    Joined:
    Sep 17, 2007
    Posts:
    3
    Marcos: Give me a clue where to look for that option.
    I'm going to take a wild guess that it's under the "Automatic startup file check" task? I did find an option under there to set the scan priority to "when idle".

    But when you replied you did not explain why this scan is running continuous LONG after I've logged in. in fact I haven't restarted my computer for several days. According to the scheduler, the Automatic startup file check runs on User logon. Does this mean it runs after the computer gets out of screensaver mode as well as upon initial startup? My computer does not lock (or return to the user signon screen) when my screen saver kicks in. But I have noticed that the scan is always running when I try to get my screen back. It hangs up with a blank screen and the little busy spinning icon.

    Something just doesn't add up here....... :(
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There are two startup scan tasks - one run on user logon and the other run after each update. You can adjust the scan priority by right-clicking the desired task, selecting Edit, going through the setup and the last setup screen will allow you to choose the scan priority.
     
  6. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Marcos, is there any way to modify those tasks through the policy editor in ERA? I'm looking and I can't find it. I want to make the change across 99 currently-installed systems plus the eventual 30 or so more that will be installed, and policy would definitely be the easiest way to do so...

    Thanks
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can download the configuration from a client, unmark all entries in the xml, navigate to Scheduler, remove all tasks but the two startup scan tasks from the list, edit the tasks and eventually push the configuration back to the clients.

    Alternatively you can create and edit new startup scan tasks but make sure to click "Change ID" and assign them the appropriate ID for default tasks as shown in the "Task ID" edit window.
     
  8. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Unless I'm misunderstanding you, that would only work to push a task out to existing clients. I want to set these settings in the group policy so every time a new computer is added to the group, it gets the setting. One of your support techs advised me that policies are actually the most intelligent way to do any settings for corporate managed clients, and having used policies now for several months, I agree with him.

    Trouble is, the existing scheduled items do not show in the policy editor at all. How do I get at them there?
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The same is supposed to work with policies. Just make sure the startup scan tasks you create have the ID of the default startup scan tasks.

    If startup scan tasks last a couple of minutes, let me know and we'll try to narrow it down to the file(s) that takes time to get scanned and eventually fix the issue.
     
  10. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    I'm still going to work on that policy when I get time; got slammed with people breaking things today (including another AV2010 infection :mad: ) but in the meantime, I see one of my problems. ESS is scanning Windows Update files that are being downloaded from my internal WSUS server. Those files have already been scanned by NOD32 on the server and certainly don't require re-scanning by every machine. Problem is, I don't know what to exclude here, as we (obviously) can't exclude Windows directories (too much other crap downloads there from time to time), and there are not, as far as I know, unique filenames for Windows Update files. Do you know a way to exclude those?

    Thanks,

    Dan
     
  11. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I still don't get it.. sorry.

    I'm in "scheduler/planner.

    When I try to edit any task, it goes in this order:
    1. shows the task
    2. gives choices of how to run the task, Once, repeatedly, daily, weekly, and event triggered
    3. next is the window that shoes the event to trigger the task..
    4. next is the edit task windows in case the task cannot be completed it wants to know what to do.
    5. next is finish.

    Where was the choice to set the scan priority so it only runs when idle?
     
  12. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hi Windstrings,

    Click "Finish" in one of the two Startup scans?

    BFG

    edit: The user logon one
     
    Last edited: Apr 26, 2010
  13. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Wow!..... boy do I feel stupid.... oh well I may have never known if I hadn't asked...... I did hit finish once before but must have missed the second bar choice.

    Guess I expected finish to mean "done".

    Thanks!
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, that's pretty much the common sense and I still hope ESET it going to move this setting to a normal expected place and not after Finish where it makes zero sense.
     
  15. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Just my opinion, but I think the default setting should be to scan " when idle" for both of the automatic startup file checks since they are only triggered by logon and a dat update.. both of which is silly to assume the scan needs to be done immediately when busy on another project.

    IN both cases if we had a virus, another minute or two is not going to make a difference as the virus was already present "before" the event of logon and/or dat update.
     
  16. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello windstrings,

    "Almost Finished" would make it much more intuitive, so no problem at all. ;)

    BFG
     
  17. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    I tried this and noticed no change. May be my pc is too old and these scan take all CPU also in low priority.
     
  18. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    marcos.. why don't you make a new "tweak" settings or recommended settings for best efficiency... is default close enough so its not worth the bother?

    Seems this setting alone is worth it... and so many will miss this.
     
Thread Status:
Not open for further replies.