ESET Endpoint Antivirus : ekrn.exe with USB

Discussion in 'ESET Endpoint Products' started by seb2020, Sep 13, 2012.

Thread Status:
Not open for further replies.
  1. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    Hi !

    I have a problem with my ESET Endpoint Antivirus 5.0.2122. The problem appears when I plug in an USB key in my computer. When I do that, the ekrn.exe use 100% of my CPU. But there is something strange.

    I have 2 VMware View Workstation on Windows 7 64bit. This is a VDI solution. I use Samsung Thin client with Terradici chip.

    In the first workstation, when I plugged an USB key, a message from ESET appaears (http://kb.eset.com/library/ESET/KB Team Only/SOLN2882/Pop-up Example.png). I can browse my key instantly. The CPU is OK.

    In the second workstation, when I plugged an USB bey, there is no message from ESET. I can not browse my key and the ekrn.exe use 100% of my CPU.

    The two workstation have absolutely the same configuration and they have the same policy from ERA too.

    I don't why this is appening.. I have try a lot of things with no succes.

    Do you have any idea?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The latest version of Endpoint products is 5.0.2126 which has Device control disabled by default and also addresses certain issues related to it. Please confirm or deny whether the issue persist after upgrade.
     
  3. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    I have already test, and I have the same issue.

    But, I will re-run my test with this specific version ;)
     
  4. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unfortunately, the Device control settings are not visible in your screen shot (it's below Removable media). If it's enabled, try disabling it and restarting the computer. Otherwise try disabling real-time protection (for a test only) and see if it makes a difference. Let us know about your findings.
     
  6. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    Hi,

    The device control is desactived (integration system not checked) -> still the same issue.

    Hips enabled : No -> still the same issue
    Enable ESET Endpoint Security Self Defense : No -> still the same issue

    If we try disabling real-time protection, there is no problem.

    We have use Procmon when we have this bug. We can see :
    http://i47.tinypic.com/4v1onc.png

    There is a lot of the same key..

    We have try to exclude the folder of VMware -> Still the same issue.

    All the test is on ESET Endpoint Antivirus 5.0.2126.3
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please PM me the download link to the PML log.
     
  8. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    PM link sent.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This looks like a known issue with VMware when the USB hub reports all 255 USB ports.
     
  10. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    Hi,

    Thanks for your reply. Can I have more info ? There is a KB to read ? I can't find anything

    I have two same computer, but only one have this bug.. This is very strange
     
    Last edited: Sep 17, 2012
  11. seb2020

    seb2020 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    12
    Location:
    Switzerland
    Hi,

    With the VMware View Agent : 5.0.1.640055 I have the problem.
    With the VMware View Agent : 5.1.1.799444 I have not the problem

    So, I have some upgrade to do !

    Thank and have a good day !
     
Thread Status:
Not open for further replies.