ESS 5. Constantly checking registry.

Discussion in 'ESET Smart Security' started by kamille, Oct 18, 2011.

  1. kamille

    kamille Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    2
    Asus laptop k72jr
    Windows 7 64bit

    When I watch the system with Process Monitor, ESET (ekrn.exe) repeats the same registry queries every second. How do I stop this?

    Code:
    Time of Day,"Process Name","PID","Operation","Path","Result","Detail"
    19:56:01,4194195,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4194448,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS","Desired Access: Read"
    19:56:01,4194777,"ekrn.exe","3624","RegSetInfoKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
    19:56:01,4194987,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\Enable","NAME NOT FOUND","Length: 144"
    19:56:01,4195226,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4195372,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Default","NAME NOT FOUND","Desired Access: Read"
    19:56:01,4195594,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4195735,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS","Desired Access: Read"
    19:56:01,4195919,"ekrn.exe","3624","RegSetInfoKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
    19:56:01,4196052,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppy","NAME NOT FOUND","Length: 144"
    19:56:01,4196193,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskLocal","NAME NOT FOUND","Length: 144"
    19:56:01,4196325,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskNetwork","NAME NOT FOUND","Length: 144"
    19:56:01,4196454,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOpen","NAME NOT FOUND","Length: 144"
    19:56:01,4196582,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecute","NAME NOT FOUND","Length: 144"
    19:56:01,4196706,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanCreate","NAME NOT FOUND","Length: 144"
    19:56:01,4196839,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanNetworkOnClose","NAME NOT FOUND","Length: 144"
    19:56:01,4196958,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOnAccess","NAME NOT FOUND","Length: 144"
    19:56:01,4197083,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanShutdown","NAME NOT FOUND","Length: 144"
    19:56:01,4197211,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OptimizeScan","NAME NOT FOUND","Length: 144"
    19:56:01,4197331,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
    19:56:01,4197459,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
    19:56:01,4197596,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_RuntimeArchives","NAME NOT FOUND","Length: 144"
    19:56:01,4197720,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AutoExecArchives","NAME NOT FOUND","Length: 144"
    19:56:01,4197848,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AdvanceHeuristic","NAME NOT FOUND","Length: 144"
    19:56:01,4197972,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecuteAH","NAME NOT FOUND","Length: 144"
    19:56:01,4198092,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppyOnExecuteAH","NAME NOT FOUND","Length: 144"
    19:56:01,4198216,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\BlockRemovableDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4198340,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DefaultArchSettings","NAME NOT FOUND","Length: 144"
    19:56:01,4198464,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveDepth","NAME NOT FOUND","Length: 144"
    19:56:01,4198588,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveMaxFilesize","NAME NOT FOUND","Length: 144"
    19:56:01,4198716,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AllowedDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4198840,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\USBDevicesLikeDisk","NAME NOT FOUND","Length: 144"
    19:56:01,4198969,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AdvancedBlockRemovableDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4199097,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice","NAME NOT FOUND","Length: 144"
    19:56:01,4199225,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction","NAME NOT FOUND","Length: 144"
    19:56:01,4199384,"ekrn.exe","3624","RegCloseKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS",""
    19:56:01,4199529,"ekrn.exe","3624","RegCloseKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS",""
    Please help, because my HDD won't spin down.

    GreetzZ
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
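    These registry queries are definitely not what keeps your disk spinning; there must be another cause for that. Read-only registry queries like the ones in your log are normally answered from the copy of the hive that Windows already holds in memory, so on their own they should not generate disk activity.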
     
  3. kamille

    kamille Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    2
    In Process Monitor this is the only activity shown, sometimes for up to 8 seconds at a stretch (with nothing else going on), and it is always the same loop I posted in my first post.
    I used to use Filemon on my XP machine, but it does not work on my new Windows 7 machine.
    Should I troubleshoot this another way?
    The HDD light flashes every second and I cannot put my finger on the cause.

    On the other hand, according to Process Explorer from Sysinternals, the only process writing to disk appears to be explorer.exe.
    But then I am stuck.

    Dunno where to start or end looking...
    To be frank, I really don't know anymore and a few tips would be helpful...


    GreetzZ
     
  4. smipx013

    smipx013 Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    18
    Hi,

    I am seeing this too, on NOD32 v5.
    In a 10-minute period ekrn.exe made some 235,000 registry queries while the PC was otherwise idle.

    Most of the entries are similar to:

    14:57.8 ekrn.exe 1720 RegSetInfoKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile SUCCESS KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppy NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskLocal NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskNetwork NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOpen NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecute NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanCreate NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanNetworkOnClose NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOnAccess NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanShutdown NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OptimizeScan NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_RuntimeArchives NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AutoExecArchives NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AdvanceHeuristic NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecuteAH NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppyOnExecuteAH NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\BlockRemovableDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DefaultArchSettings NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveDepth NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveMaxFilesize NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AllowedDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\USBDevicesLikeDisk NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AdvancedBlockRemovableDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegCloseKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile SUCCESS
    14:57.8 ekrn.exe 1720 RegCloseKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles SUCCESS
     