Scheduled scans - run problems or logging problems?

Discussion in 'ESET NOD32 v3 Beta Forum' started by BlueZannetti, Jul 25, 2004.

Thread Status:
Not open for further replies.
  1. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've had the beta installed for a couple of days now. I generally have my AV set to run a scan during the overnight hours. The system is an XP Pro. I'll be logged on as a user, but generally disconnected from the console when the scheduled scan starts. This scheme works fine with the commercial NOD32 release. With the beta, either the scan is not occurring or the log file is not being properly written to and closed.

    I can see that the scan starts. A typical logfile screen shot from these overnight scans is shown below. Almost immediately, a message stating "C:\pagefile.sys - error opening (file locked) [4]" should appear, it never does, nor does the scanning log ever get closed out - it still shows as "scanning" hours later. If I run the same scheduled scan while I am active at the console it seems to work fine, although I have not run it to completion - just to the point where the logfile starts to get populated with expected entries. Also, there aren't any indications of problems in the XP Event Viewer.

    Has anyone else noted this type of problem while running this style of scan? Just trying to see if it's a general issue or local configuration problem before getting into a significant bother over it.

    Blue
     

    Attached Files:

  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I do a weekly scan sunday mornings at 3AM so last nite was the first with the new beta. Mine didnt hang like yours did, but it did take an hour and a half to finish(last weeks with 2.000.9 took only 24 mins) Something isn't right. Might have to go back to 2.000.9 until the beta is ready for release.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Thanks for the info flyrfan111. At least it suggests that I should do some controlled tests with settings adjusted and maybe a bit of disabling other processes. I think I can basically mimic the overnight situation with a combination of rescheduled scans and fast user switching where I don't do a logon after the indication of a switch user - that disconnects my session from the console at will without logging me off. It may take a few days since tonight is gone, if I find anything out, I'll post the results.

    Blue
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Last nights scan went as before - according to the log, the scan was initiated but no additional information was logged. At this point the scan should have completed.

    I have been able to replicate the problem in a controlled fashion by doing the following:

    1. Set my daily scan a couple of minutes ahead of the current time.
    2. Select Start>Log Off, but instead of logging off, select switch user. This puts the machine in basically the same state it will be during an overnight run.
    3. I can see the scan starting through the continuous disk activity at the appropriate time. If I logon a short time later (plenty of disk activity present still - so the scan is occurring) and bring up the scan log, it looks exactly like the screenshot posted above. The scan is continuing though, and will until I either quit NOD32 or reboot.
    4. If I do a reboot, it looks like a write buffer gets flushed in that a partial entry of information gets written to the log file. I've also gone back to the logfile taken from the screenshot posted. That has a partial list of the information it should based on an equivalent scheduled scan that I ran while I was active at the console, as does last nights scan now (after a reboot) - there is some information, but well below what should be there, and the log still indicates that the system is scanning, which it isn't.

    So, it seems to be more of a logging issue than a scanning problem. However, it appears that only a portion of the information that should be present gets written to the log, and even this requires a system reboot.

    Could someone from Eset see if they can replicate the problem in their labs using the steps described above? I tend to use overnight scans and log checks as a standard tool and having partial information is a problem. Thanks

    Blue
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Does it work fine if you just do a normal on-demand scan? The problem is only on the overnite scan?
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    flyrfan111,

    You question prompted me to do a couple more tests. I originally thought that I had to be disconnected from the console session to get this behavior. That's incorrect. At least in my hands, any scan initiated from the Scheduler/Planner within the Control Centre seems to give this behavior. I can be in the middle of an active session (like right now), and the logfile looks like the one I've pasted above. Initiate a scan using NOD32>Run NOD32>Scan manually, and I get the expected normal looking logfile.

    Under the active profile, I do have the scanning log enabled.

    Blue.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,742
    Location:
    Texas
    I did a scheduled scan to see what my log looked like. No additional parameters entered, this was the default setting.
     

    Attached Files:

  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    ronjor,

    Based on what you're seeing, I did the only reasonable thing - complete uninstall, download a fresh copy, reinstall the pristine copy and check with very limited filesets.

    It seems to be behaving itself. I get the expected log information as you've shown. I'll see what happens overnight. Hopefully, it's not getting hung up some where, but I should know by tomorrow. If it checks out overnight - I guess I'll chalk it up to unknown gremlins or a dicey install - somewhere in all this, ProcessGuard flaked out on me (loss of protected file list) - not sure if that's related or coincidental.

    Thanks for taking the time to check it out on your system.

    Blue
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    My system seems to be fixed for now. I had the ADS problem from trialing KAV 5, I used STREAMS.exe from sysinternals to get rid of them and everything seems to be fine after a reinstall of NOD.
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    And the verdict is....., success on the overnight scan! Whatever it was, it's now fixed and NOD32 is running as smooth as silk.

    Blue
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,742
    Location:
    Texas


    Blue,

    If you hang garlic in the same room your computer is in, this will sometimes help!! :cool:
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO, nice :D

    :D :cool: :D :cool: :D
     
  13. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I was wondering what that scent was.... I like to think of it as the must have item for the fully accessorized PC.

    Blue
     
Thread Status:
Not open for further replies.