scanning downloaded .exe file takes too long

Discussion in 'ESET NOD32 Antivirus' started by tisungho, Mar 21, 2008.

Thread Status:
Not open for further replies.
  1. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Hi,

    Every time I download an .exe file, my computer is almost hanging while Nod's scanning this downloaded file. If I download 15MB exe file, it'll take almost 1 min to finish investigating this file, and it eats up 90-100% cpu usage.
    Do u have any way to reduce this issue? I'm using version 3.0.642
    Thank you!
     
  2. ASpace

    ASpace Guest

    The scan time will depend on what computer you have (your specifications) .

    1. Open the user interface of the program
    2. Press F5 to enter the advanced setup tree
    3. Navigate to "Web-access protection"
    4. Press "Setup" button
    5. Uncheck detection for realtime packers and usage of advanced heuristics
    6. Press OK
    7. Navigate to "Real time file system protection" and revert the settings to their default one (just to be sure you haven't made any not so good changes) .
    8. Press OK

    Don't worry that we'll disable Advanced heuristics in the web module . It will remain active in the kernel scanner (start-up scanner) and in the real time file system protection , which is more important! :thumb:
     

    Attached Files:

  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Yes, and instead of the one-time one minute lag we get after downloading the file, we get it EVERY time we try to access the file.
     
  4. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Thanks for your quick reply. But sorry it doesn't help! I did the same way you said. I tried to download an exe file. It still hangs. This still happens even I delete an exe file.
     
  5. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hello,
    Just one question : do you use KPF 4.x as a firewall ?

    Regards
     
  6. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    I agree!
    With 2.7 I've never had such problems.
    HiTech_boy...I understand your piont of view but solution should be in better optimization od EAV not in less protection!
     
  7. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    I'm using Online Armor free edition
     
  8. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    please provid us exe link
     
  9. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
  10. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi, do you use active or passive mode of HTTP scanner?
     
  11. techtype

    techtype Registered Member

    Joined:
    Nov 1, 2006
    Posts:
    80
    Yeah, the solution is not disabling protection. No matter how powerful your computer is, Nod32 Version 3 struggles with that file. It takes several seconds on my QX9650 processor.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There are about 550 files in the sfx archive. Disabling scanning sfx archives should help.
     
  13. AlunS

    AlunS Registered Member

    Joined:
    Mar 7, 2008
    Posts:
    2
    Try cranking up SysInternals' FileMon while the scanning is going on :) Gazillions of temporary files being created and then being read, almost sequentially, one byte at a time ... no wonder it's taking so long!
     
  14. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Disabling SFX Archives in Real time scanner does help but not in Web Access.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Off topic, unhelpful post removed.
     
  16. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Disable it in web acces protection. ;)
     
  17. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    How to disable sfx archives o_O? Anyone can help ?*puppy*
     
  18. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi,
    Setup -> Enter entire advanced setup tree... -> Choose modules and click Setup -> Objects -> Uncheck Self-extracting archives

    :thumb:
     
  19. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    With all respect but your soultions are: disable advanced heuristic, disable SFX, disable active mode, disable runtime packers...until all checkboxes are unchecked...C'mon then, let's uncheck ALL right after installing of EAV :D

    On this forum we all want better EAV...and only way for that is to point out bad things in EAV (and that ESET guys admit they really exist) and not to post workarounds as cover! Version 3 is out for months and I don't see any REAL improvements since the first final realise!
     
  20. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    When you check changelog and read this thread, you find out that a lot of bugs had been fixed. Every response and question from Marcos or any other help discovers details about your problem and they forward it to development.

    But you have to accept that file with big size causes slowdown and sometimes even bigger problem. Realtime shield "isn't" for scanning these files.

    I recommend scan big files via on-demand scanner and after his problem contact forum or support team. SFX archives are used eg. by trojans.

    Best regards. :)
     
  21. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Thanks but I saw changelog long time ago here http://www.eset.eu/support/changelog-eset-nod32-antivirus

    Are you trying to say that I should disable realtime protection every time when I work with large "exe" files?!...is it another workaround? :cool:

    But again, my main point is:
    Advanced heuristic in v 3.0 is the same (yet) as in v 2.7...and I really dont see why EAV v 3.0 is that HEAVY?!
    v 2.7 work great on my old PC (P III) but v 3.0 (with practically same engine) slowdown C2D :thumbd:
    I liked NOD32 because it's lightweight and advanced heuristic but now I don't know what to think :rolleyes:
     
    Last edited: Mar 24, 2008
  22. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    When you work with large files, not only with archive on hdd, but with downloading files too, there is temp folder. Eg. file is extracting from standard RAR archive into temp folder, then is be copying to final folder. And this is under control of realtime protection. => It takes a lot of time. When I disable shield or enable, result is almost the same (slow). But if problem is really in ThreatSense engine, developers will find a mistake and fix it.

    AH module (and others) are still developed, actual version is 1070 (20080212). You can try download LookInMyPC and send log to support team.

    Me too. ;)
     
  23. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    I hope they will. But firts they have to admit (not to me but themselves) that problem exist.


    I've done this before with ESS and EAV BETA and I can do this again...but ESS and EAV are now "final" versions...plus this problem is not related to my system exclusively (this is well known problem since the first BETA).

    :D
     
  24. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    I did only real time sfx helped is what I meant. :)
     
  25. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    I don't see modules in the menu. Can you be very specific when and
    which are the ones to uncheck o_O

    Thank you !:p
     
Thread Status:
Not open for further replies.