Nod32 v3 pegging cpu at 97%

Discussion in 'ESET NOD32 Antivirus' started by enduser999, Jun 24, 2009.

Thread Status:
Not open for further replies.
  1. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I got fed up with NOD32 v4 bringing my AMD 3500+ and XP SP3 w 2GB RAM to a standstill when downloading large files. I completely removed NOD32 V4 and installed Version 3.0.684 which is better since the computer is still usable.

    However when FFox 3.0.11 is downloading the browser is unusable and is almost like its Unresponding. For example downloading a 9.7MB today on my 8Mbps downstream connection FFox was unusable for 40 secs after which the download progress window appeared.

    When the file download neared completion (i.e. at the end of the progress bar in download window) there was a 20 sec delay while NOD32 scanned this 9.7MB file.
     
  2. bradtech

    bradtech Guest

    What is a link to the file? Unfortunately I have seen this since 2.7 and onward on certain files. Hangs at 99%, and takes a while. Certain kinds of files are worse than others..
     
  3. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Its not the file. Its NOD32 that is the problem. I have seen this on multiple files.The file in question was a 9MB exe file.

    Here http://www.tallemu.com/downloads.html try the first file which is 11.8 MB.
     
  4. bradtech

    bradtech Guest

    Yes, I had my Firefox lock up for about 5-6 seconds when I started the download, and then it took about 20-30 seconds after the download was complete. Online Armor V3.5 right?

    What I meant earlier is that I have seen NOD32 behave this way on certain kind of files, and others it not.. I believe it may have to do with the inner making of the file compression types etc.. Thing is I have seen V3, V2, and V4 behave this way in the past..
     
  5. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    The thing is that it should not render the browser unusable for 40 secs in my case by by pushing the CPU to 97% usage for 40 seconds.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The whole installation package is scanned in 9 seconds and the scan time drops to 6 seconds if alreadz extracted files are scanned. If you often have problems with delays when downloading larger files, try setting the size limit in web access and real-time protection setup to 3-4 MB which should be reasonably safe although not as safe as with no size limit. When downloading installers and archives, they are first extracted to the disk and each file is subsuequently scanned so it takes some time which is normal. Even when you're extracting an archive using an unpacker you cannot work with unpacked files immediately but you often have to wait for several seconds or minutes until the extraction completes. For special cases, there's an option to configure the size limit for archives which should help. Still, it's better to wait a bit and have things scanned than setting a size limit and hoping that nothing malicious is embedded in larger archives/installers.
     
  7. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I assume though that you are not using an old AMD64 3500+ w 2GB of RAM and XP.

    Well had asked this in an older thread on these forums, but I see no size limitation setting in NOD32 ver 3.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I use a 2,3 GHz Intel Core Duo and Win XP.

    It's available in v4.
     
  9. bradtech

    bradtech Guest

    Yep I'm ok with the delay. As long as it's being scanned for threats.. I'd rather users have to wait than be infected in my org.
     
  10. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I tested NOD32 v3 on a laptop Pentium Mobile 1.7GHz w 2 GB ram and XP SP3 and FFox 3.0.11 and downloaded the same file. It took 30 seconds before the browser, FFox, became usuable by displaying the download manager and the progress bar for the download started moving. Once the file was downloaded, it took 25 seconds for the file to be scanned.


    Well 9 seconds is fine. However 40 seconds and 30 seconds period on two computers, during which the browser is unusable/non functioning is not.
     
    Last edited: Jun 25, 2009
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try setting a size limit for archives to see if it helps.
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    or disable web access protection as you are always protected by real time monitoring
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Not recommended as web access protection uses more sensitive heuristics than other modules and thus can protect against many more new kinds of malware.
     
  14. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I would if I could but version 4 was installed on two computers here and both of them suffered severe system stability problems and version 4 was uninstalled and they currently both have version 3.0.684 so that the computers were usable.

    Another computer, AMD 4400x2 w 3GB of ram and NOD32 v 2.7 FFox 3.0.11 the times were 15secs and 22 secs for download manager to appear and the scan to complete.
     
  15. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    are you telling me that the real time monitor is somehow inferior to the web protection which in itself is a good idea but in practice is slowing down browsing? If yes, however strange i would find that, then I would hope that you would either improve real time monitoring or radically improve web protection
     
  16. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    With default settings, real-time protection doesn't have advanced heuristics enabled but web acess protection have.
     
  17. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    So with it enabled, user has the same level of protection sans the browsing delay
     
  18. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    No.
    With web access protection disabled you can download harmful software from internet (I've tried a few minutes ago with eicar test file) and send it via email, even with all settings on max in real-time protection.
     
  19. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    It can download but can it execute and infect the machine?
     
  20. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    No, they can't be executed ;)
     
Thread Status:
Not open for further replies.