NOD32 V4.0.467 - how to tell why system startup is so slow?

Discussion in 'ESET NOD32 Antivirus' started by JNicoll23, Oct 24, 2009.

Thread Status:
Not open for further replies.
  1. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    I'm using a Win XP Pro SP3 system, AMD Sempron 3000, 1.8GHz. I see ekrn.exe running at or near 100% CPU for 4-5 minutes as the system starts up.

    Once this has stopped I have no complaints about NOD32, but it's really annoying me. I don't want to turn it off completely but would like to know why it takes so long to do whatever it is doing.

    I've looked at various threads here, eg one that suggests that editing the profile for the system startup on-demand scan allows me to tailor what is done by this scan. (It doesn't seem to me that calling the system startup scan an 'on-demand' one is intuitive.)

    Anyway, when I look at the setup info for 'on-demand' scans there isn't an existing profile for system startup. The only profiles provided are for:

    In-depth scan
    Context menu scan
    Smart scan

    I presume the first of these is parameters for what you get when, using the provided GUI, you start a in-depth scan of your whole machine.

    And the second is obviously used for Windows Explorer's right-click context menu.

    According to 'help', "Smart scan" is for GUI-initiated simple scans - so it's not system startups either.

    So, is there a way to configure what's being done by the system startup scan?
     
  2. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Yes, if you have the advanced display mode turned on, go to Tools and then click on Scheduler. There you can edit the start-up scan.
     
  3. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    Thanks very much; I don't think I'd have thought of looking there! However, although this lets me choose - well - scheduling info for the start-up scan (eg how many times a day to do it), it doesn't seem to have any options for setting which files are actually scanned. Am I missing something?
     
  4. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Yes, if you edit the schedule task the last step lets you decide what to scan.
     
  5. rolarocka

    rolarocka Guest

    Arent this the options for startup/scheduled scans?
    2009-10-25_113847.jpg

    Btw i have disabled startup and scheduled scans because of the system drag and because i luckily have a clean system and nearly never get infected.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd prefer configuring the startup scan tasks to run when the system is idle to disabling them completely. By disabling startup scan tasks you disable one layer of protection so potentially a piece of malware may not be discovered and running silently in the background.
     

    Attached Files:

  7. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    I agree entirely, but until a few seconds ago I'd never seen the screen whose image you included. I've discovered what looks like a GUI bug.

    If I go to Tools -> Scheduler, and highlight the startup file check line, then click on the Edit button, I am taken through a series of parameter screens which end in one that summaries what's been defined and has a Finished button on it. I do not see the screen you showed.

    However if I repeat the process (but why would anyone think to do that?) this time after I click Finish I do get shown the screen you showed.

    If I repeat this over and over again, only every second time through the sequence do I get shown that screen.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's ok, these are additional settings specific just for the startup scan tasks.
     
  9. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    Having looked more closely at the Scheduler's entries, I wonder if there's perhaps another problem? There's two types of file check described there - one triggered by user logon, the other by virus signature file update.

    Hardly surprisingly, when I turn my machine on - roughly once per day - and login, soon after, the sig file is often updated. Is it possible that two startup file checks are getting run, one immediately after the other or possibly even overlapping each other?
     
  10. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland

    What do you mean, it's OK? Either the Edit dialog should show the extra options or it shouldn't. It shouldn't only show them sometimes according to some whim of its own.

    I repeat - if I first try to edit the definition of the startup scan I DO NOT get shown the options. If I try again to edit the same definition I DO get shown them. Then if I try again, I don't. Then I do. Don't. Do. Don't. Do.

    Apart from the only-sometimes aspect of this it also does not make sense that even when the pane is shown, it gets displayed AFTER I've clicked the Finish button to end the edit.

    It's like pantomime season, but not so funny.
     
  11. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    I see it everytime....
     
  12. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    You see the problem, or you see the extra pane?

    If you see the pane, does it also show on your system AFTER you click the Finish button?
     
  13. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    We're not talking about definition updates here.
    Go to the main window and click Tools. Then from the drop down menu click Scheduler/planner. Then go to the last 2 items listed "Automatic system start" and highlight them one at a time and click edit. Now you can schedule them to run when ever you like other than on boot up. This solves the long boot ups. Believe me I know. :)
     
  14. rolarocka

    rolarocka Guest

    Setting the defaults to "Idle" like Marcos said does the trick too. I have enabled back the scheduled scans and dont notice slowdowns with "Idle" anymore.
     
  15. JNicoll23

    JNicoll23 Registered Member

    Joined:
    Oct 24, 2009
    Posts:
    14
    Location:
    Scotland
    Yes it sounds like a good idea, but why does the pane where you make this setting not show up when I first try to edit a startup check's definition?
     
  16. Cerpintine

    Cerpintine Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    3

    Err, does one only have the option to do this in the full/registered version? I have a pretty high end pc but the startup scanning is annoying me. It's not too bad, taking 30 secs > 1 min, but I don't need it every time. Anyway, this is what my trial version looks like:

    http://i2.photobucket.com/albums/y8/skratch_master/desktop_2.jpg
     
  17. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    You go to the tools section of NOD itself to change the scheduler, not from advanced setup page.
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    The Main window. Look up in the right hand upper corner and you'll see "tools"
     
  19. gmiest

    gmiest Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    43
    Is there a way to set this idle configuration using the ERAC?

    Running these "startup scans" each and every time there's an update is grinding machines to a crawl multiple times a day. The machines range from 5 year old Dell laptops to new 16GB multi-core workstations. Each startup scan makes the machine unusable for around 6-7 minutes.
     
  20. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    You can do that. The easiest way to do this is to grab a current configuration of one of the clients and edit that one.
    From there you can open the file with ESET configuration editor and edit the start-up scan after update. It is located under ESET Kernel --> Setup --> Scheduler. Last window you should be able to set the priority.
     
  21. gmiest

    gmiest Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    43
    I'm not entirely sure of the process you're describing.

    I got as far as opening up the application on a client machine and exporting the policy to an XML file. After opening up that file in the configuration editor I've noticed another problem with ESET - the policy I have set in the ERAC and pushed out to all clients has not been taking effect, even though the ERAC says it has.

    I'll make a new thread about the new problem. In the meantime I wonder if you could elaborate on the process you described above.
     
  22. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    After you opened the xml file in the config editor go to 'Scheduler/Planner' as shown in the screenshot below:
    http://dl.dropbox.com/u/349356/esethelp1.png

    After you choose to edit the scheduler/planner tasks you will get a new window where all your scheduled tasks are displayed.

    Here you can edit both (or only the startup) scan tasks. If you choose 'edit' after highlighting the task you wish to edit you will get into a little wizard.
    After the wizard 'Finish' button you can alter the priority as shown on the screenshot below:
    http://dl.dropbox.com/u/349356/esethelp2.png

    I hope I made myself a bit more clear this time. :)
     
Thread Status:
Not open for further replies.