ESET Endpoint Antivirus 5.0.2122.1 - failed to update

Discussion in 'ESET Endpoint Products' started by webyourbusiness, Jun 15, 2012.

Thread Status:
Not open for further replies.
  1. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I just had the oddest thing - endpoint antivirus failed to update - twice - it complained that it was unable to allocate memory, while task manager showed on 5Gb of 8Gb of physical memory was allocated...

    I quit all firefox windows (the biggest memory hog) - and tried again - same problem.

    Rebooting fixed the problem, but I can't expect users to reboot every couple of days - they just DON'T DO IT...


    Here is the post reboot info:

    Virus signature database: 7224 (20120615)
    Update module: 1041 (20120430)
    Antivirus and antispyware scanner module: 1357 (20120510)
    Advanced heuristics module: 1121 (2011120:cool:
    Archive support module: 1146 (20120511)
    Cleaner module: 1056 (20120601)
    Anti-Stealth support module: 1030 (20120322)
    ESET SysInspector module: 1224 (20120223)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)
    Translation support module: 1064P (20120427)
    HIPS support module: 1047P (20120419)
    Internet protection module: 1035 (20120323)
    Database module: 1019 (20120404)

    "Events" log:

    6/15/2012 9:14:30 AM ESET Kernel Virus signature database successfully updated to version 7224 (20120615).
    6/15/2012 6:59:57 AM Update module Error downloading file from update server NT AUTHORITY\SYSTEM
    6/15/2012 4:50:20 AM Update module Error downloading file from update server NT AUTHORITY\SYSTEM
    6/14/2012 10:50:25 AM ESET Kernel Virus signature database successfully updated to version 7222 (20120614).

    the machine is Windows 7 ultimate x64 - new built less than 2 weeks ago - up to date with windows updates and basically just running office, firefox and eset protection.
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I am going to keep an eye on ekrn.exe - currently at 110,560K and climbing....
     
  3. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    116,152K now.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    121,328k now
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    122,316k - turning off realtime protection for an hour.
     
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I would say it is not realtime protection module - as that has been turned off for 12 minutes now - memory footprint of ekrn.exe is 131,804K now - ie, it has grown 8Mb in 12 minutes.
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    28 minutes since realtime turned off - my memory is now 144,872K - this is a pretty real memory link I think...
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I should add - that TWICE in the last 30 minutes or so, I have COMPLETELY quit firefox, which is a pretty big hog of memory - my Firefox process starts around 42,000K - and at the moment it sitting below ekrn.exe with a 145,668K memory footprint - but I have been on multiple forums and watched a couple of youtube videos - so altough firefox has increased considerably, I can quit it, and reset that back to 42,000K merely by closing all firefox windows, waiting 10 seconds and opening it again... I can't do that with ekrn.exe - which is now at 149,296K
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    1 hr 15 into my test... ekrn.exe = 184,814K - oh - jumped to 184,888K - now 188,176K... phew... this isn't going to end well without a reboot.
     
  10. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    almost at 2hrs and the total is now 218,720K

    I am going out in a while, so I'll report back after I get back - this will be on a machine with ZERO "real" use except outlook checking email every 15 minutes and Google calendar sync running...
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Oh... I just got 7225 download - my memory spiked to 350,000k and dropped down to 217,904K
     
  12. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    ekrn.exe is 542,962K - can you say MEMORY LEAK??!?!
     
  13. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Marcos - you got PM with a dump location - this is a catestropic leak on my machine and explains the memory allocation error when downloading the update I originally posted about... no process should get this big - let alone ekrn.exe.
     
  14. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    573,804K now...
     
  15. get_it

    get_it Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    99
    Perhaps its the same memory leak which is carried over into the V6 beta here:

     
  16. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I hope so - this morning memory usage is 995,872K
     
  17. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    1,240,712K now.
     
  18. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    1,558,180K ekrn.exe
     
  19. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    ekrn.exe is now 1905,156K

    ESET gui crashed with Microsoft Visual C++ Runtime library error -

    The application has request the Runtime to terminate in an unusual way.

    Please contact the application's support Team for more information.
     
  20. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    dumping process - uploading to a local FTP and restarting the computer assuming I can do so without windows crashing.
     
  21. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    no - sorry - I cannot dump this - it errors and says " Error writing dump file:
    The data is invalid"
     
  22. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    I'm not noticing the memory leak issues that you are having. Are you sure you aren't streaming content such as live radio that might make this happen? It's obviously not real time since you disabled the real time conneciton, but that doesn't rule out the web/email scanner.
     
  23. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I disabled network drive scanning, added exceptions for Kayako Desktop, LogmeinRescue technician, Google calendar sync and restarted - my ekrn.exe was 84,000 and some K when I restarted - now, an hour or so later, ekrn.exe is 140,064K - is is till growing.

    I do no use live-streaming radio or video.

    ESET support called me this morning - they have the process dump, the sys-inspector log and have confirmed that there is an issue they are aware of that the Dev team are working on - a fix is expected in the next build - whenever that is...
     
  24. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    a couple of things that might have a bearing on this...

    1. new machine - windows 7 - x64 - but ATHLON - not intel processor
    2. 8Gb of RAM - not a small amount - but as much as these baby Dell machines will take - RAM is maxxed out.
    3. this machine is only a few weeks old - I haven't had time to add a ton of stuff - but it is a Dell - that means it comes with a whole bunch dell "junkware" - and I put the machine into service quickly - ie, never stripped out all the junk
    4. startup list is relatively clean - calendar sync, acronis drive monitor, itunes startup junk, eset, intellipoint driver, and I have noticed one error - the ATI CCC and Nvidia drivers are loading... will remove the ATI stuff for the on-board video as the machine is running a dual monitor setup on an nvidia card.
     
Thread Status:
Not open for further replies.