ESS 5. Constantly checking registry.

Discussion in 'ESET Smart Security' started by kamille, Oct 18, 2011.

Thread Status:
Not open for further replies.
  1. kamille

    kamille Registered Member

    Joined: Oct 18, 2011
    Posts: 2
    Asus laptop k72jr
    Windows 7 64bit

    When checking with Process Monitor, ESET is constantly doing the same registry queries every second. How do I stop this?

    Code:
    Time of Day,"Process Name","PID","Operation","Path","Result","Detail"
    19:56:01,4194195,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4194448,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS","Desired Access: Read"
    19:56:01,4194777,"ekrn.exe","3624","RegSetInfoKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
    19:56:01,4194987,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\Enable","NAME NOT FOUND","Length: 144"
    19:56:01,4195226,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4195372,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Default","NAME NOT FOUND","Desired Access: Read"
    19:56:01,4195594,"ekrn.exe","3624","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    19:56:01,4195735,"ekrn.exe","3624","RegOpenKey","HKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS","Desired Access: Read"
    19:56:01,4195919,"ekrn.exe","3624","RegSetInfoKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
    19:56:01,4196052,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppy","NAME NOT FOUND","Length: 144"
    19:56:01,4196193,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskLocal","NAME NOT FOUND","Length: 144"
    19:56:01,4196325,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskNetwork","NAME NOT FOUND","Length: 144"
    19:56:01,4196454,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOpen","NAME NOT FOUND","Length: 144"
    19:56:01,4196582,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecute","NAME NOT FOUND","Length: 144"
    19:56:01,4196706,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanCreate","NAME NOT FOUND","Length: 144"
    19:56:01,4196839,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanNetworkOnClose","NAME NOT FOUND","Length: 144"
    19:56:01,4196958,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOnAccess","NAME NOT FOUND","Length: 144"
    19:56:01,4197083,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanShutdown","NAME NOT FOUND","Length: 144"
    19:56:01,4197211,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OptimizeScan","NAME NOT FOUND","Length: 144"
    19:56:01,4197331,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
    19:56:01,4197459,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
    19:56:01,4197596,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_RuntimeArchives","NAME NOT FOUND","Length: 144"
    19:56:01,4197720,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AutoExecArchives","NAME NOT FOUND","Length: 144"
    19:56:01,4197848,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AdvanceHeuristic","NAME NOT FOUND","Length: 144"
    19:56:01,4197972,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecuteAH","NAME NOT FOUND","Length: 144"
    19:56:01,4198092,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppyOnExecuteAH","NAME NOT FOUND","Length: 144"
    19:56:01,4198216,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\BlockRemovableDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4198340,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DefaultArchSettings","NAME NOT FOUND","Length: 144"
    19:56:01,4198464,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveDepth","NAME NOT FOUND","Length: 144"
    19:56:01,4198588,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveMaxFilesize","NAME NOT FOUND","Length: 144"
    19:56:01,4198716,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AllowedDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4198840,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\USBDevicesLikeDisk","NAME NOT FOUND","Length: 144"
    19:56:01,4198969,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AdvancedBlockRemovableDevices","NAME NOT FOUND","Length: 144"
    19:56:01,4199097,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice","NAME NOT FOUND","Length: 144"
    19:56:01,4199225,"ekrn.exe","3624","RegQueryValue","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction","NAME NOT FOUND","Length: 144"
    19:56:01,4199384,"ekrn.exe","3624","RegCloseKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile","SUCCESS",""
    19:56:01,4199529,"ekrn.exe","3624","RegCloseKey","HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles","SUCCESS",""
    Please help, 'cause my HDD won't spin down.

    GreetzZ
     
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,415
    This is definitely not something that makes your disk spin and there must be another cause for that.
     
  3. kamille

    kamille Registered Member

    Joined: Oct 18, 2011
    Posts: 2
    In Process Monitor this is the only thing that is running, sometimes for up to 8 seconds (with no other activity), always the same loop I posted in my first post.
    I used to use Filemon with my XP machine, but this is not working on my new 7.
    Should I troubleshoot this another way?
    The HDD flashes every second and I cannot put my finger on it.

    On the other hand, via Process Explorer from Sysinternals, the only one writing should be explorer.exe.
    But then I am stuck.

    Dunno where to start or end looking...
    To be frank, I really don't know anymore and a few tips would be helpful...


    GreetzZ
     
  4. smipx013

    smipx013 Registered Member

    Joined: Jan 4, 2006
    Posts: 18
    Hi,

    I am noticing this too on NOD32 V5.
    In a 10 minute period ekrn.exe executed some 235,000 queries to the registry while the PC was otherwise idle.

    Most of the entries are similar to:

    14:57.8 ekrn.exe 1720 RegSetInfoKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile SUCCESS KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppy NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskLocal NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskNetwork NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOpen NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecute NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanCreate NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanNetworkOnClose NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanOnAccess NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanShutdown NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OptimizeScan NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\Autostart SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_RuntimeArchives NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AutoExecArchives NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\OnOpen_AdvanceHeuristic NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ScanExecuteAH NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DiskFloppyOnExecuteAH NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\BlockRemovableDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\DefaultArchSettings NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveDepth NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\ArchiveMaxFilesize NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AllowedDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\USBDevicesLikeDisk NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AdvancedBlockRemovableDevices NAME NOT FOUND Length: 144
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDevice SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegQueryValue HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile\AskForScanOfRemovableDeviceDefaultAction SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    14:57.8 ekrn.exe 1720 RegCloseKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile SUCCESS
    14:57.8 ekrn.exe 1720 RegCloseKey HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles SUCCESS
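
An added example, not part of any post in this thread: a Python summary of a Process Monitor CSV export in the layout quoted in the first post, counting events per process and per second, registry values that are queried but absent, and which processes issue file writes. The sample rows are constructed; the `explorer.exe` `WriteFile` row, its path, and the function names are assumptions for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout of the export quoted in the first post.
# The decimal comma in the unquoted time splits it into two CSV fields.
KEY = r"HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000101\Profiles\@My profile"
HEADER = 'Time of Day,"Process Name","PID","Operation","Path","Result","Detail"'
MISS = ("NAME NOT FOUND", "Length: 144")
OK = ("SUCCESS", "Type: REG_DWORD, Length: 4, Data: 1")
EVENTS = [  # (time, process, pid, operation, path, (result, detail))
    ("19:56:01,4196052", "ekrn.exe", "3624", "RegQueryValue", KEY + r"\DiskFloppy", MISS),
    ("19:56:01,4197331", "ekrn.exe", "3624", "RegQueryValue", KEY + r"\Autostart", OK),
    ("19:56:02,4196077", "ekrn.exe", "3624", "RegQueryValue", KEY + r"\DiskFloppy", MISS),
    ("19:56:02,5100000", "explorer.exe", "1234", "WriteFile", r"C:\Users\demo\example.dat",
     ("SUCCESS", "Offset: 0, Length: 512")),  # hypothetical file write
]
SAMPLE = "\n".join([HEADER] + [
    t + "," + ",".join(f'"{v}"' for v in (proc, pid, op, path, *res))
    for t, proc, pid, op, path, res in EVENTS])

def parse_rows(text):
    """Yield one dict per event, repairing a time split by a decimal comma."""
    reader = csv.reader(io.StringIO(text.lstrip("\ufeff")))  # tolerate a BOM
    header = next(reader)
    for row in reader:
        if len(row) == len(header) + 1:          # "19:56:01", "4196052", ...
            row = [row[0] + "." + row[1]] + row[2:]
        if len(row) == len(header):              # skip malformed lines
            yield dict(zip(header, row))

def summarize(text):
    """Count events per (process, operation), per (process, second), and absent values."""
    ops, per_second, misses = Counter(), Counter(), Counter()
    for ev in parse_rows(text):
        proc, op = ev["Process Name"], ev["Operation"]
        ops[(proc, op)] += 1
        per_second[(proc, ev["Time of Day"][:8])] += 1
        if op == "RegQueryValue" and ev["Result"] == "NAME NOT FOUND":
            misses[ev["Path"]] += 1
    return ops, per_second, misses

def file_writers(text):
    """Processes with file-system writes (Procmon operation WriteFile)."""
    return Counter(ev["Process Name"] for ev in parse_rows(text)
                   if ev["Operation"] == "WriteFile")

if __name__ == "__main__":
    print(summarize(SAMPLE), file_writers(SAMPLE))
```

To run it on a real capture, save the Process Monitor trace as CSV and pass the file's text to `summarize` and `file_writers`.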
     