ekrn hogging CPU

Discussion in 'ESET NOD32 Antivirus' started by djackino, Mar 22, 2012.

Thread Status:
Not open for further replies.
  1. djackino (Registered Member; Joined: Oct 28, 2010; Posts: 49)

    I have seen numerous threads on this subject; my situation is a bit unique from the other threads.
    ESET 5.0.95, defs 6988
    Win XP SP 3

    At random beginning last week, ekrn.exe will completely take over my computer, consuming 50% of the CPU and increasing its memory size to over 300Mb (when I am even able to get task manager opened up to take a look). The last time it happened, the only app I had open was IE 8. I could not do anything else on the computer, including attempting to run Process Monitor.

    After about 5-10 minutes, things free up, the CPU usage drops back to normal, but the memory size stays at over 300Mb.

    There is a USB drive attached, but I have attached and detached it without any lockups, as others unfortunately have had.
     
  2. Marcos (Eset Staff Account; Joined: Nov 22, 2002; Posts: 14,375)

    This could be caused by an enormous number of new volume notifications that are received from the OS and trigger other operations in v5. You can verify it by disabling HIPS and restarting the computer.
    The next service build will include a workaround for this.
     
  3. djackino (Registered Member; Joined: Oct 28, 2010; Posts: 49)

    Hi Marcos, I'd rather leave HIPS on and have maximum protection. Will wait for the next service build (5.0.96?) and a fix.

    THANKS
     
  4. Marcos (Eset Staff Account; Joined: Nov 22, 2002; Posts: 14,375)

    I meant to disable HIPS for a test to confirm or deny that the issue is related to the above-mentioned problematic system behavior.
     
  5. djackino (Registered Member; Joined: Oct 28, 2010; Posts: 49)

    Going to pop this thread since this issue is still coming up under 5.2.9.1. Same symptoms as listed above. Happens about once a day. USB drive has been mounted for over a week.

    I am going to take Marcos's suggestion and have turned off HIPS for now to see if the issue reappears.
     
  6. Marcos (Eset Staff Account; Joined: Nov 22, 2002; Posts: 14,375)

    Perhaps generating a complete process dump of ekrn.exe or a Process Monitor log would shed more light.
     
  7. djackino (Registered Member; Joined: Oct 28, 2010; Posts: 49)

    I have a Process Monitor log; is there someplace I can upload it to? (PM me if needed.)

    No lockups so far today.
     
  8. SolidState (Registered Member; Joined: Dec 18, 2007; Posts: 92)

    I would check to see if you have any other software that monitors "removable storage" and USB ports.

    Other software that does this includes Outpost and some other firewalls and malware protection programs that run beside AV.

    Also, I would disable autoplay in Windows. The USB drive's SATA-to-USB chip and its firmware/microcode can be configured in a few different ways as it pertains to power management. Also, the HD firmware/microcode has options for this that can be adjusted with vendor tools as well. Best bet is to check to see if the USB HD manufacturer has a firmware update for the device.

    I have a feeling what is happening is that the drive goes to sleep and then is reawoken, and when this happens it triggers autoplay or some other M$ underpinning and the ESET removable drive routines, and then causes the high CPU usage.

    (1) disable autoplay for the USB drive
    (2) check for other security software that monitors removable drives/USB etc. and disable it (Outpost has this, as does Sophos firewall)
    (3) use vendor HD utility to adjust its power management options so it doesn't power down for USB HDs
    (4) make sure you have your chipset drivers installed properly! (non-installed chipset drivers are systemic with many, many deployed Windows boxes)
    (5) if USB3, make sure you have the latest drivers from the manufacturer

    Uhh...

    That's about all I can add to this discussion and I sure hope it helps someone!

    PS: check for firmware updates for the external HD! LaCie and others post firmware updates for external drives quite frequently.
     
    Last edited: Jun 14, 2012