System and startup slowdowns

Discussion in 'ESET Smart Security' started by terradon, Oct 20, 2012.

Thread Status:
Not open for further replies.
  1. terradon

    terradon Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    78
    I've been seeing significant slowdowns the past few weeks. I enabled logging of HIPS blocked operations and it seems to be overly paranoid. <g> It especially doesn't like the RoboFormTaskbarIcon.exe. The rule usually cited is SelfDefense: Protectekrn and egui processes. It really goes nuts during bootup. I enabled bootlogging in procmon and 10 blocks in a row were Procmon64.exe. Svchost.exe was blocked from modifying the state of winlogon.exe. It's no wonder that procmon showed an almost constant stream of reparsing and a total boot time of nearly 1.5 minutes on a relatively fast system that would normally take less than 30 seconds.


    ESS5.2.9.1
    Self-defense support module: 1018 (20100212)
    Real-time file system protection module: 1006 (20110221)
    HIPS support module:1057 (20121010)

    Win7 64bit Home Premium
    Core2 Quad
    8.0GB RAM
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    My understanding is that RoboForm is utility to capture, store and enter all of the passwords for various websites. This behavior requires intercepting various web browsers and possibly the keyboard as well, so given these types of actions, the slowdown in performance you noted it to be expected when Logged all blocked operations is enabled in HIPS.

    The HIPS Logged all blocked operations option is intended to be used only to troubleshoot HIPS-related issues and not meant to be used on a continuous basis because of the potential impact on system performance as well as log file generation.

    Unless you are trying to troubleshoot a specific problems with HIPS and have been asked to enable the option by ESET support for purposes of finding a solution, I would recommend leaving the option disabled.

    Regards,

    Aryeh Goretsky
     
  3. terradon

    terradon Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    78
    Thanks Aryeh,

    I did enable logging to try to troubleshoot the system slowdowns and slow startup. I did not enable logging until after I noticed the slowdown and wanted to do some troubleshooting.

    I didn't have the free time to check each of these steps, so I don't know which has/had the most impact, but here is what I did that seems to have helped.
    1) I opened Windows Defender and disabled it from loading at startup.
    2) I disabled HIPS.

    Startup is noticably faster and I haven't seen programs become unresponsive, something that happened with increasing regularity.

    I'm not excited about running without HIPS, but, until I am convinced that it doesn't hurt my productivity, I have no choice.:(
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I'm not sure where in the world you are located, but if you contact your local ESET distributor or regional office and open a ticket with support, they can begin investigating the issue with you directly and work to resolve it.

    Regards,

    Aryeh Goretsky
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Would it be possible to uninstall or at least shut down RoboForm for a while to see if it makes a difference? If there's no difference in performance, enable logging of blocked operations again and see what's being logged.
     
Thread Status:
Not open for further replies.