nod amazing slow when i unrar some files

Discussion in 'ESET NOD32 Antivirus' started by mantra, Aug 8, 2011.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    Hi

    i did notice an amazing slow down and some freezes when i unrar some file

    for example ,i downloaded EssentialPIM free version ,portable

    and i unrar on a folder , nod32 v4 start to use 50% and 100% of my cpus

    on the same machine , for example avast 6 doesn't slow down

    i use only 1 anti virus on my w7


    what's wrong?
    thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's because the author compressed even system dlls with a runtime packer to reduce their size by about 400 kB :( What gives? Doing so is not recommended for two reasons:
    1. using runtime packers increases scan times as av scanners need to unpack the file runtime. In the case of ESET, the file is also emulated by Adv. heuristics upon creation which is a time consuming operation.
    2. using runtime packers increases the suspiciousness of the file. It can happen that sooner or later suspiciously looking files will be flagged by less or more av scanners as suspicious.

    If you often run into this kind of issues, you can try disabling AH on file create and enable it for file execution only. I'd also strongly recommend using v5 (the current RC is perfectly stable) which supports scan optimizations thanks to the ESET Live Grid technology.
     
  3. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Avast does not scan all files, even it does not scan runtime packers by default.
    Follow the suggestions from Marcos.
     
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    thanks Marcos
    1) i tried to disable the Adv. heuristics , but it did not make different
    2) runpacker are disabled by defalt
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, Did you check the option at Antivirus and Antispyware -> Real-time file system protection -> Advanced setup -> Additional TS parameters for newly created and modified files?
    2, They are enabled by default, check the appropriate option at the above mentioned path.
     
  6. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    yes i did
    is better , but ekrn.exe jump to 50% for some seconds

    but in preference the runpacker is disabled by default ,isn't it ?
    the means is that nod32 realtime does not scan runpacker on execute
    is dangerous ,isn't it?



    where can i read about it ?
    i read some reviews about nod32 v5 ,seems a great product ,but need 90mb of ram
     
    Last edited: Aug 9, 2011
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No it uses around 70 MB of RAM, on some machines a little more on some a little less. But that's because everything is loaded into the memory to make it run as light as possible. And by doing so makes it one of the lightest when it comes to I/O usage. :thumb:
     
  8. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    http://www.eset.com/beta/antivirus-5-beta/

    seems interesting
    but


    i did test on a pc with w7 and it uses at least 80mb , i don't think it's a Small System Footprint compared to the others

    is the update limit still 60minutes?

    i did not find a great improvement from nod32 v3 to v4
    not because i'm a nostalgic but nod 2.7 was the best for many many users
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes it is. Considering that the virtual memory usage is the same.
    And I just explained why is uses that amount of RAM.
    We are soon at Version 5 ;)
     
    Last edited: Aug 9, 2011
  10. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    C'mon, this is simply a false statement.

    (not trying to hijack this thread though).
     
Thread Status:
Not open for further replies.