nod32 v4 seems slow in windows 7 x264

Discussion in 'ESET NOD32 Antivirus' started by chrcol, Dec 13, 2009.

Thread Status:
Not open for further replies.
  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    on this machine nod32 seems sluggish, I am using the same setting as I used to use on my XP installation.

    A test file I uploaded here.

    http://www.chrysalisnet.org/beats_NirSoft_Suite_09-12-12_x86_Addon.7z

    With advanced heuristics enabled it takes 40 seconds to scan.
    Without it still takes 15 seconds to scan.

    If others can test and compare for me it will be appreciated, stating if you using nod32 v2 v3 or v4 and what http scan settings you have on. I also turned off archive scan in documents since if thats enabled it scans the file twice and it can take almost 2 minutes to scan the file.

    Finally is there a reason why ekrn.exe is not a true 64bit service? running 32bit apps on 64bit has a performance penalty and ekrn.exe is the process that saturates cpu whilst the scan is been done.
     
  2. ChickC

    ChickC Registered Member

    Joined:
    Dec 17, 2004
    Posts:
    26
    Location:
    Proudly, one of the, "Blue States" CT
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    No problems scanning the file here with maximum settings on Win7, 64-bit, there's no reason for this to behave differently with v2/v3/v4. I for one am not aware of other problems except those caused by utilizing Windows Platform Filtering instead of redirection through a local proxy as used by v3.
     

    Attached Files:

    • scan.jpg
      scan.jpg
      File size:
      41.6 KB
      Views:
      974
    Last edited: Dec 14, 2009
  4. ChickC

    ChickC Registered Member

    Joined:
    Dec 17, 2004
    Posts:
    26
    Location:
    Proudly, one of the, "Blue States" CT
    Marcos, if you are not aware of any other problems check your ping rate (latency) with and without web access protection enabled under Windows7 x64. I am seeing a 133 minimum ms difference. If I do not have protection on the web I might as well not have virus protection.

    If you check the link above I am sure you will see I am not alone in experiencing this problem with this version. I have seen nothing about ESET acknowledging this problem or a solution.

    If I am missing something please let me know.

    Thanks
     
  5. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    Are you running the newest 4.0.474.0 build? What sites are you trying to ping on the outside? Does your latency go up when you ping across your LAN or is it just out to the internet?
     
  6. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    I'm running Windows 7 64-bit with NOD32 v4.0.474. The ping times on my machine are identical whether I have web protection turned on or off. I tested pinging against google, bing and espn.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I know that pings are high when another application utilizing WFP is installed that doesn't play nicely with other WFP-aware applications. There will be some improvements in the upcoming major build in this regard, but it's mainly the other application or WFP itself responsible for problems (regarding WFP, vendors have been anticipating a fix to memory leaks from Microsoft for quite a long time).
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina

    Please give me a break, you must have had to many marshmellow roasting outings with Hi-Tech. Trust me, 3-64 bit computers and Eset scans like a banshee in heat.
     
  10. ChickC

    ChickC Registered Member

    Joined:
    Dec 17, 2004
    Posts:
    26
    Location:
    Proudly, one of the, "Blue States" CT
    I am running ESET NOD32 Antivirus 4.0.474.0 . I running the test @ http://www.speedtest.net/. It doesen't matter if I am connected direct from the modem to the internet or through my router. The results are basically the same.

    I hope you can see the screen captures. They show the amount of pings with HTTP screening On, Off and a capture of NOD opion for HTTP Off.
     

    Attached Files:

  11. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    I am dissapointed some people cant post mature replies, did those people even test the file?

    another test, nvidias bloated 150meg driver. I downloaded it today, well attempted to download it but I got another connection reset error, ekrn.exe was at max cpu for around 3 minutes then connection reset download aborted.

    Had to disable nod32 to download the file.

    Real time scanning seems fine but http is defenitly slower.

    Also I kept my old xp install on my hdd and I am able to boot XP on demand over usb no problem, so tested it on my XP install and it only took 5 seconds to scan the download. Something is defenitly wrong with http scanning in windows 7 nod32.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    You are wondering that it takes time to unpack a 150-mb installer and scan each file inside which is pretty normal. Even unpacking the archive/installer with the appropriate decompression tool would take time to extract the files to the disk so why an AV program should be different when the very same operations coupled with file code emulation are performed?

    If you're downloading large files and mind delays, simply set a size limit for files scanned by web protection.
     
  13. buckZor

    buckZor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    14
    Location:
    Peoples Republic of Oregon
    chrcol - can you post the link to the file that was giving you trouble downloading? I'll try it on my Win7 Enterprise x64 install with NOD32 v4 and see if I have problems..
     
  14. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    hi buckZor.

    here is the link but I may be breaking nvidia website t&c by posting it here as supposed to agree to their terms before downloading. I will edit out the link tommorow so its only here temporarily.

    http://uk.download.nvidia.com/Windo...op_win7_winvista_64bit_international_whql.exe

    Seems the problem may have gone away tho. at least for the nvidia drivers. On my laptop I noticed it was fast scanning the nvidia drivers (not the other file tho) so I changed the few settings that were different, mainly the optimize scanning settings for documents and http, was turned on on this machine but off on the laptop, when it is disabled the scan is almost instant even with advanced heuristics.
     
  15. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    thats fine, but I have been seeing it on some small files also, some under a meg have been doing it, but hopefully from now on it will be ok.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Even if a file with the size of 1 MB is compressed with high compression ratio using a packer that takes time to emulate, it may take a couple of seconds for advanced heuristics to go through it. It's always good to report such files as we can make exceptions for AH emulation based on various criteria.
     
  17. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    787
    Location:
    UK
    interesting.

    now the nvidia file is "connection reset by peer" again, after a minute or so delay of ekrn.exe maximum cpu usage. I changed no settings I simply tried downloading it again.

    buckzor you had time to test it yet?
     
Thread Status:
Not open for further replies.