Realtime Protection and Archives

Hello,

I created a RAR archive from ~680mb file.
The RAR archive has a size of 140mb (20% compression rate).

When I rightlick that file to open context menu, NOD32v3 RC1 will start scanning. This scan takes about ~5 minutes. In that time, the system becomes unusable.

When I select an context menu entry like properties, NOD32 scans again. Again 5minutes, where I cannot use the system.

Actual: The realtime protection is unusable for me.

 

The real-time protection doesn't scan archives, only sfx archives are scanned on create provided you have that option enabled.

 

Interesting.

Can you explain why ekrn.exe does consum 100% cpu, when I access a RAR archive?

To reproduce:
Create a folder on your desktop called "Test". Put some compressable content into that folder. Now, install WinRAR 3.7 from rarlabs.com. Rightclick on the folder called "Test" and select WinRAR -> Add to archive...
Activate the options "Lock archive", "Put recovery record", "Put authenticity verification" (this requires a registered copy of WinRAR) and "Create solid archive".

Now you will see that after the main WinRAR thread has finished (the WinRAR window is still opend), ekrn.exe will consum 100% cpu.
In my case, after 5 minutes, the WinRAR window get closed normal and the operations finished without errors.

Now, select that file (leftclick) and open context menu (rightclick). Again, ekrn.exe will consum 100% cpu. After 5 minutes (the time, ekrn.exe seems to need to finished whatever it is doing), select properties. Now you have again to wait 5 minutes, until ekrn.exe is finished and properties window of Test.rar shows up.