Nod32 3.0.650.0 using ages to scan a 18kb DLL

Discussion in 'ESET NOD32 Antivirus' started by GAN, May 7, 2008.

Thread Status:
Not open for further replies.
  1. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    I'm using Axialis IconWorkshop 6.11 that includes the file "Axstdctl.dll" which is about 18kb and for some reason nod32 use ages to scan this file. So every time i start IconWorkshop that normally take about 1-2 seconds it takes more then 1 minute to start the program. If i disable nod32 it's back to 1-2 seconds again. While scanning this file the ekrn.exe prosess use about 30-40% CPU and the disk activity is very high until the scanning is complete. The reason for the high disk activity seems to be because ekrn.exe create the file "windows\temp\NODxxxx.tmp" (where xxxx seems to be a hex value). When the scanning of this file is complete everything goes back to normal and the program eventually start. I tried to change the security to a minimum by disabling Heuristics, Advanced Heuristics, Adware, Spyware, unwanted and unsafe applications and disabled scanning of Runtime packers, Self-extracting archives and so on, but with the same result. Using nod32 2.7 i didn't have this problem using IconWorkshop. I also have optimized scanning enabled so this only happen the first time i start IconWorkshop after a reboot or signature update. I excluded Axstdctl.dll which have solved the problem for now, but would have been nice to know why this happen and to be able to enable scanning of this file again.

    I can provide the file that cause this problem and it's easy to see the behavior since a rename of this file using Windows explorer causes windows explorer to freeze for the amount of time it takes to scan the file. During the scan the disk activity and CPU usage increase. I could also provide my nod32 settings if required. I would appreciate if eset could take a look at this file and hopefully solve the problem.

    I'm using English Windows Vista with SP1 and Nod32 3.0.650.0.

    Gan
     
  2. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Since no one replied to this post i used the "Customer care support request" option in nod32 to report the problem and i included the dll that caused this issue. I sent the requested yesterday and today 3 modules where updated (Adv. heruristics, archive support module and cleaner module) and the problem is gone. I don't know if this is just a coincidence or not since i never heard anything from eset, but if the problem was fixed because of the support request i made i have to say that i'm very impressed how fast eset solved this problem. Would have been nice to receive some kind of feedback though, but then again since i heard nothing it could be a coincidence that the problem is fixed now.....i don't know.
     
Thread Status:
Not open for further replies.