Problem with NOD32 and temp files

Hello, I've spotted that my disk space is disappearing rapidly. So i tried to find whose fault it is. And all leads show to NOD32.
My Windows Version: 7 build 7100
NOD32: 4.0.424.0
Windows Media Player: 12.0.7100.0

So the problem is when I launch Windows Media Player and watch local TV through internet, then NOD32 constantly writes to HTT*.tmp files in TEMP folder.


After shutting down Media Player then NOD32 just close whose files, but do not delete them.

So it keeps growing and growing… Yeseterday I deleted 16GB
View attachment 212422
Does anyone knows solution for this problem?

 

Would you please provide step-by-step instructions how to replicate the problem? Couldn't it be that you have Media Player set to work in active mode in the HTTP scanner setup? As an interim solution, you can exclude Media Player from HTTP checking by putting a red cross in the HTTP scanner -> Web browsers setup.

 

Just launch WMP and play something from internet (radio, tv) and watch how htt*.tmp files are growing.
I've tried the same thing on other machine (XP SP3). And it acts in differrent way. After closing WMP htt*.tmp files are deleted. So i guess it is problem with Windows 7.

No.

Maybe you can upload screenshot with settings, because i ca't find

 

While the below pic is from the 3.0 tutorial, I believe the pic is the same as what would be in 4.0. Not in front of my 4.0 so I can not confirm

Alternately, the program help section is very well laid out and does show the area you are inquiring about.

 

there is no such settings in 4.0

 

At least not with windows vista / 7.It's still there and works great for 3.0 NOD32 though

 

Yes, 4.0 does have those settings in certain Windows builds but it appears by what ccomputertek is saying, they are not present in "with windows vista / 7"

 

I have just cleaned up about 6GB of HTT?.tmp files from \WINDOWS\TEMP as well. Though they haven't come back, yet.

Running 4.0.437.0 on Vista SP2.

 

Just cleaned up about 10MB of these temporary files.

I would like to mention that, these temporary files are not visible if you browse the directory without using an administrator account. In my case, I found them while I ran WinDirStat, and then ran "cmd" "as administrator" to delete them.

 

This issue is still present in 4.0.474 when downloading files even though the file extensions are excluded in Web Access, Realtime, and Exclusions (the latter has the paths excluded too).

I use Windows 7 Pro x64 retail.

edit: these files used several GB on my computer the last time I removed them.
Oh, and I don't use active mode for anything. Before you ask, it isn't possible to exclude an application in W7 x64.

 

This definitely needs to be fixed... I'm seeing it with Windows Vista Ultimate (64-bit, SP2) as well. I just deleted 237MB of these things!

My NOD32 details are:

Virus signature database: 4667 (20091207)
Update module: 1031 (20091029)
Antivirus and antispyware scanner module: 1250 (20091207)
Advanced heuristics module: 1099 (20091030)
Archive support module: 1105 (20091029)
Cleaner module: 1048 (20091123)
Anti-Stealth support module: 1012 (20090526)
SysInspector module: 1213 (20090902)
Self-defense support module : 1009 (20090917)

 

It sounds an application on your computer transfers a non-standard stream via http which results in creation of tmp files that are not subsequently removed automatically. I'd suggest creating a pcap log using Wireshark, capturing the http traffic at the moment the temp files are created and conveying it to ESET for perusal.

 

As far as I can see the common factor seems to be a download with a redirect,
at least when using Mass Downloader or similar.
If you give it the "Download" url from the webpage I linked it seems to consistently create a HTT*.TMP file that doesn't disappear until shutdown/reboot.