Discussion in 'ESET Smart Security' started by nipstech, Sep 23, 2008.
Posted in error - apologies especialy to MKRET
I think this is going to be a difficult one to solve. My system is now ok and I no longer have the problem. I don't know why. I do know that I started it by modifying the ESS settings but, at the same time, I also had loaded some new software. I have basically put my ESS settings back to where I had them before the changes I made but that did not fix the problem immediately. I think it has something to do with the activity of some programs, in particular, Google Chrome would cause my system to go into slow mode immediately but now it no longer happens. So perhaps ESS is now recognising the program activity is ok. I don't know. My partner has the same operating system but many different programs and he still experiences the problem from time to time. A couple of other programs which cause the excessive cpu usage on opening are Directory Opus and Personal Passworder. There could be lots more.
email from ESET:
We will soon be releasing version 4 of our software (pencilled in for some time in February 2009) and any bugs that you may have experienced in 3.0.672 should be resolved in that version.
Now that is finally good news.
Thanks for sharing it.
I've downloaded and started using Kapersky Internet Security and haven't had a problem since. It seems to be much more stable than ESET SS. I've had problems with ESET blocking rpc traffic to my domain controller even though I defined the Local LAN as trusted. The workaround was to use interactive mode and manually add the ports as the warnings appeared. With Kapersky, it worked with no interaction, yet still recognized public networks when I take the laptop off of the LAN and connect to a public wireless network. Fortunately, all of my clients so far are running standalone machines and haven't had the problems I've had. I have to say that until ESET works out their issues, I'll have to recommend using Kapersky. Ordering a license is instantaneous with Kapersky, I don't have to wait a day or two for someone at NHA to email me a key.
As an FYI, the last time I uninstalled ESET, when I rebooted the system hive was corrupt, forcing me to restore the machine from a backup image. It took me a day to recover the machine using a month-old image combined with the daily backups, but I didn't lose any data. I was pretty annoyed to say the least.
I'm also experiencing the same issue, to no such avail yet.
"Best AV in the world" - my arse ¬_¬
I have had a similar problem. At start up, the cpu usage would hit 99% for a period of 2-3 minutes.
When I installed the latest version I chose the default options. I noticed that the start up cpu usage was now normal. Curious about this, I started to tinker with settings and noticed that when I turned advanced huristics on, the cpu usage problem returned.
Thankfully, cpu usage problem disappeared again when I turned it back off and rebooted.
I'm watching/logging ekrn processes with Process Watcher and am seeing tons of BUFFER OVERFLOW and RANGE NOT LOCKED errors/warnings in the Result column. Would this be normal?
Im also getting the same, but there's so may files with the buffer oveflow...whats going on seriously, why has this only just started to happen?
I wouldn't leave advanced heuristics disabled. Perhaps you could uninstall your current version and try the new beta v4. More info can be found here. Perhaps you could watch the statistics window when the slow down occurs, this would reveal you the file being scanned. As the last resort you could disable AH for newly created files and leave it enabled on file execution (a new feature introduced in v4).
Thanks for the quick reply. Heuristics will stay enabled.
95% of my work is done on this machine. So I can't chance running anything BETA on it.
I am not sure I know what you are referring to by "statistics window." I can see the processes in Windows Task Manager but not the individual file being scanned.
I mean this statistics window in v4.
That looks like a great addition.
Thanks as always.
Well curiosity got the nest of me.
Stopped working and cloned my HD. Than installed V4. To say my socks were knocked off is an enderstatement.
I am amazed at all the changes especially in the GUI.
Also a preliminary look seems to show that the CPU problem has been solved.
Unfortunately I had to go back to work so I can eat.
But a great job and huge Kudos to the ESET team.
Are you looking at a February 2009 for this?
Ok I've identified the problem on my computer using Process Monitor. It gets "stuck" on it's own log file!
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat
My epfwlog.dat is currently about 877,358 KB and it took 33 minutes to "process" it (don't know exactly what it was doing), using about 30% of my CPU.
The entire time I can't surf the web. I assume this is the firewall log file and while it's processing it, it locks up the firewall blocking all http communications.
As soon as it was done, 33 minutes later, everything went back to normal.
So now the question is, how do I prevent this from happening? Just turn off all logging and delete the file?? Or is this some glitch with ESS?
Is 877,358 KB unusually large for this log file?
I'm just using the default settings. I installed ESS on 5/28/2008 and my epfwlog.dat is now over 850 megs. I just can't imagine ESS would install itself in a default configuration that would ultimately cause my web surfing ability to go dead for 33 minutes every other day. Are you saying this is normal??
I'm not logging all blocked connections. And other than that I don't see how to tell it what to log. All I see is that I can "Delete records older than X days" which defaults to 90, and "Optimize log files automatically" is checked by default. Am I missing a feature somewhere that I can tell ESS specifically what to log and what not to log?
I don't care about logging really so for now I'm changing the 90 days to 1 day to see if that helps.
But does anyone know if it's normal for ESS to "process" this logfile every few days and it makes it so I can't surf the web the entire time it's processing the file? I assume it should only take a second or two rather than the 33 minutes in my case. Is there some way to tell ESS not to "process" this log file? What exactly is it doing when it's "processing" this log file??
Whatever it's doing is not part of a virus scan, it's happening automatically...
I think I finally realised that ESS does not optimise the log file. I had the same problem with the file getting bigger and bigger and I kept reducing the number of days kept but that didn't help. In the end I reduced the number of days kept from 90 to 45 and manually ran the optimisation and the log file went from over 500mb down to 200kb.
I have now changed over to beta4 so will continue to monitor the log file to see if the same thing happens.
I changed the number of days to 1 and manually ran the optimization and it didn't reduce the filesize at all.
I've since rebooted a few times and it looks like the log file is down to 128k or so. I'll keep an eye on it...
Separate names with a comma.