Issue with V3 AV and Bad POP server

I am running the latest build (0621) of the AV. I was running the V3 suite, but had too many issues with it so I wanted to see if just the AV runs any better. It has been running fairly well until last night. My ISP started having email POP3 server problems. I currently check about 8 different accounts on 3 different domains. The 2 accounts on my ISP would not receive mail. I noticed my CPU was at 100% on all 4 cores. Not a good sign on a Q6600 with 4GB RAM and Vista Ultimate. I look in task manager and it says ekrn.exe is the culprit. I reboot and all is fine. Open Outlook and check mail. The 2 accounts from my ISP fail so I cancel all send and receive tasks. I notice my CPU usage is 30-40%. I redo send/recevie and my CPU usage goes to 80-85%. I cancel send/receive and usage stays at 85%. I do another send/receive. Now 100% CPU. Cancel the hung send/receive and CPU usage stays 100%. Again and as expected ekrn.exe is the problem. I try to kill ekrn from task manager to see what it will do. It does not stop (good thing), but CPU usage drops back to 0. This morning my ISP is still having issues. Again my CPU usage went to 35-40% even though I cancel the tasks. I remvoed those 2 accounts from being checked. Rebooted and now everything is working perfectly again.

I see at least 3 issues here. Why does ekrn.exe hang waiting for response from a pop3 server? Why does ekrn.exe not recover or detect when the mail checking operation is canceled? Why does ekrn.exe not at least timeout and cancel the failed mail operation and keep eating more CPU each time the operation is repeated?

I know that people have seen the ekrn.exe 100% problem in the past. Maybe this information may give people something else to look at when they see this.

Eset - any ideas or reasons for this behavior?

 

Does it make any difference if you disable archives, sfx archives and runtime packers in the email protection setup? Maybe the scanner gets into a loop for some reason when scanning an archive received as an email attachment.

 

I just posted a reply to the other "100% CPU usage" thread, thinking that it was related to Firefox. But now that I have read this thread, I see that I am also having POP3 server issues where mail checking timed out or failed within the past 24 hours and I wonder it I am actually seeing the same problem as described in this thread. By the way, don't know if it is the same ISP but mine is Cox. I will try your recommended troubleshooting in the email protection setup.

 

I just tried what you asked Marcos and nothing has changed. I disabled archives, sfx archives and runtime packers in the email protection setup and tried again with the same results. I then rebooted to get a clean go with the new settings and got the same thing.

I also ran a test to see if a send and receive that completes will clear a previous hanging one by removing the bad server from the group without leaving the program. It will not. I also do not show any increased memory usage while NOD32 is hanging CPU usage. I have let it run for 20 minutes now and my memory usage is solid around 30% while CPU usage is 50-65% steady (only one failing server one time).

I might also mention that this is a clean install of Vista Ultimate 32 bit, Office 2007 Enterprise, and NOD32 V3. It has been in use less than 10 days so no strange program installs or configurations yet. I do have SP1 beta installed though.

 

There is something about some recent emails that are causing the most recent updates of NOD32 AV to hang up at 100% CPU usage, and it blocks Thunderbird from actually downloading the messages. The three that seemed to cause a problem this morning were incoming emails that had no subject and no text. They did not appear to have attachments. Once I disabled NOD32 email checking completely, Thunderbird was able to download those emails. It seems that the problem started after update 2784 or 2785 yesterday.

Let me know if you want me to forward you the emails. They are obviously spam but I don't believe they contain any viruses.

I have not tried the other suggestions about disabling certain portions of the email checker.

 

I just found the same thing. My replies from spamcop jam it up. It appears any email waiting on any server causes it as it has jammed on me with spam, regular mail without any attachments.

I tried removing, cleaning and reinstalling. No difference. It all works fine if I go into email setup and turn off files.

I think I'm over version 3. I tried the ESS and now EAV 3's and had trouble out of both. AV software has got to be smooth and effective. It can't be a problem all the time like this. I never had any problems out of NOD32 before and I have used em for at least 4 or 5 years.

I'm really upset too cause now I have all these licenses which are counting the days down and I can't use em, but they are still expiring.

 

Well I don't understand the difference between disabling email checking completely, versus unchecking the "email files" box in the Email threatsense setup but I guess I could try that.

 

Mail checking is screwed!
Wxpsp2, Nod32v3 with Opera mail client. Couldn't send or recieve mail unless I uncheck mail protection in Nod. Latest updates from Eset ( 2786).

Don,t give it up MM. Eset have to come with the solution tomorrow if not today. This is the 1st problem I've got so far.

 

I also experienced the same problem with build 621 on XP SP2 and Outlook. Noticed my CPU sitting at 100% and task manager showed that it was ekrn.exe. Tried unsuccessfully to kill the process and finally rebooted. Upon reboot, everything was okay until I checked mail in Outlook. CPU immediately went back to 100%. I tried to find the build 566 installer since I had not experienced this problem before I went to 621 a couple of days ago. Unfortunately, I couldn't locate 566 so I am still on 621 for the moment. Strangely, I have not had the problem today. BTW, my ISP is Roadrunner.

 

Update to the latest version 2787 which contains a fix for the issue.

 

It works now.

 

Yep 2787 fixed. All is working with my mail servers again.