v4.0 killing downloads? [Yes, it is!]

Discussion in 'ESET NOD32 Antivirus' started by m00nbl00d, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    I know what you mean, but I haven't experienced the CPU spikes issue before. V3 used to work perfectly on my machine. Something appears to have changed.

    Of course, it could be that I've not downloaded a file that is affected like this before and that the issue was there all along.

    Either way, let's hope it is fixed soon.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Update: The file is a 7-zip archive. With NOD32 uninstalled, it takes me about 5-6 seconds to perform an archive test with 7-zip so it's not a problem of NOD32 itself that unpacking takes so much time. You can test it yourself - disable real-time / web protection and use 7-zip to test or extract the archive and measure the time it takes.
    Anyway, I'll pass that file to the developer responsible for the 7-zip unpacker, maybe there's some room for optimizing the code.
     
  3. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Thanks Marcos, just as a follow-up I've just done some tests myself. Okay, times are approximate but it shows the issue,

    With web protection disabled,

    3 seconds for the file to complete after downloading using Internet Explorer.
    7 seconds to extract 7-zip archive to disc with WinRAR


    With web protection enabled,

    26 seconds for the file to complete after downloading using Internet Explorer.
    7 seconds to extract 7-zip archive to disc with WinRAR


    According to these results, the Web Protection seems to be the issue and if it is due to the in-built 7-zip unpacker, it needs about 20 seconds wiping off this time to make it smooth.
     
  4. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    So what's the problem?
    You download a file, NOD32 web protection scans it, including Advanced Heuristics.
    It does not take that long, even for big files.
     
  5. thylacine

    thylacine Registered Member

    Joined:
    Nov 9, 2007
    Posts:
    41
    same for me (i thought i was alone with this quirk) ....

    normally it happens to EXEcutable files ... once it's nearly completed (aka file fully complete), EAV takes over and scanned the file ... this is the point where the lags happens as if EAV tries to keep on digging the executable for signs of infection ...

    it's good, but it's too excessive and obvious slowdown --> leads to poor user experience :)
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Was that suppose to be a joke?

    Please, read the thread from the beginning, the reason why started it, and what others have posted, reporting the same issue - EAV kills downloads (the ones I tried were 85MB) when they reach 99%, which is the time when EAV starts to scan them. It hangs at the 99% and after a while, the download gives an error message.

    Thanks to this, I wasted more traffic than I just should have, considering all I wanted was to waste 85MB.

    And, I didn't know if was or not EAV killing the downloads. So,I tried and I tried to finish the download, and wasn't possible to resume it. The server, where it was stored, wouldn't allow it. I wasted a lot of traffic.
    I thought if it could be a problem with that server, but, I downloaded it from one other "mirror" (non-official) and at 99%, it hanged and there's a error.

    Something had to be wrong, and the only thing, that could be causing something, was the antivirus.

    So, please, don't come with comments like those of yours. It shows total lack of respect.
     
  7. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    It does not kill downloads for me...
    Ok...then what browser do you use and what OS. And do you have other firewall or anti-malware software running at the same time?
    Also does this happen only on this one download server or on other servers too?

    As I said, I don't have this problem, using EAV 4.0, Vista x64 SP1, FF3, no other firewall or anti-malware running(except Vista Firewall and Defender), all updated.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It happens regardless of the browser used. It happens regardless of what file, from what server you download.

    This is not a problem with other security applications. This is a problem with Eset.
    If this was, indeed, a problem with other security applications I might have, uninstalling EAV wouldn't solve a damn thing, in the first place.

    Maybe, as I mentioned before, this is not a new problem, rather an enhanced problem related to the CPU spikes. CPU spikes, which I do have. Even with default settings.

    What I don't understand, is why, I never had this issue with both Beta and RC versions.
    This may sound ridiculous, but, both Beta and RC versions, where the most stable versions of EAV I ever used, since v3.
     
  9. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    After downloading a number of files, I do think that it is 7-zip SFX (self-extracting archives) files that cause this, exactly as Marcos said. CAB SFX archives definitely work fine. Both are EXE files, so I think whether or not this affects anyone just depends on the type of files they are downloading. There are, of course, various types of self-extracting archives.

    As all self-extracting archives are EXE, I don't think you can tell what type of file it is until it is saved to disc.

    So just downloading ANY file, whatever its size, and saying "it works fine here" is a bit irrelevant. However, if anyone can download 7-zip SFX (EXE) files without any lag being introduced by NOD, such as the one I've linked to in an earlier post, please let us know. Who knows, maybe you have the ideal settings or something?


    Hi moonblood, are you sure this statement is absolutely correct? Because if it is, we may have different problems. Can you try downloading something like IE8 RC from Microsoft? This is a 16Mb file that is a CAB SFX archive, and has no lag or CPU spike on my system. Whereas any 7-zip SFX archive causes a spike and a lag. Thanks.
     
    Last edited: Mar 6, 2009
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You're right. It seems to be related to 7-zip packer/unpacker.

    At the time, when this started to happen, I do believe the packer/unpacker used to pack the application I downloaded was/is 7-zip.

    But, I tried a different download, which was packed zip file. If it was or not packed with 7-zip, I can't tell.

    I also can't test it now, as I no longer have EAV on my system, for other reasons than just this one.

    Regards
     
  11. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Okay, this does seem the same issue then. Thanks for replying

    Regards
     
  12. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    I tested this file and there was only a couple of seconds lag at the end of the download, so it seems it's machine specific. V4 is on default settings and used FF 3 on XP with an E8400 processor.
     
  13. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    Last edited: Mar 6, 2009
  14. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden
    I'm using FF 3.0 and EAV v.4.0 (default settings) and I get lag for about 10-15 sec. (ekrn.exe using 99% CPU) when downloading that link.

    My system:
    OS: Windows XP Home Edition (SP3)
    CPU: AMD Athlon XP 3000+ (2,1 GHz)
    1 GB RAM

    It could be that only single core processors are affected.
     
  15. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Tested on a E2180 machine FF3 XP SP3 and about 5-10 seconds finish lag with the above Google file. Everything else the same as my E8400 machine.
     
  16. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    No, both laptop and main PC are Core2 Duo machines. But both use Vista Home Premium 32bit, so maybe that's the difference?

    EDIT: For those interested,
    Main PC = Core2 Duo E6600 @ 2.40GHz, 2Gb RAM, Vista Home Premium 32bit /w SP1 and all updates
    Laptop = Core2 Duo T5450 @ 1.66GHz, 2Gb RAM, Vista Home Premium 32bit /w SP1 and all updates

    Be aware that at least on my system FF3 is a bit misleading. When the file has downloaded but it just shows a full progress bar with "a few seconds remaining" for about 15 seconds, then it says scanning for viruses for a further 11 seconds. During the whole of this time, ekrn.exe is using a lot of CPU cycles (40-50% = 95-100% of a core). So the overall time is about the same as IE7 on my machine.
     
    Last edited: Mar 6, 2009
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    If you use Firefox, you can try this tip. Firefox crashes when attempting to perform a virus scan
     
  18. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Hi ronjor, I don't normally use FF3 but thanks for the tip. Tried it and the lag has been reduced to about 17 seconds. Still not good, but definitely an improvement and a worthwhile work-around nonetheless.
     
  19. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    THE LAG IS NOT THE PROBLEM.
    original poster said downloads get broken, that is a problem I see.
    the lag is just nod32 doing it's job, advanced heuristics included.
    and it's not like it's system-wide lag, no, I don't even notice it unless I look at download progress window.
     
  20. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    NONSENSE! The lag is a problem. It is NOT "just NOD32 doing its job". If it were, then why doesn't the lag appear when the very same files are extracted with another application (WinRAR for example)? NOD still scans the extracted files without any noticeable spike in CPU cycles and with little or no lag. Newly created files are scanned using advanced heuristics on my setup, and I've even tried turning up the settings to use advanced heuristics all the time in the real-time scanning. The result is the same.

    As Marcos seemed to indicate, there is an issue with the 7-zip extractor that NOD uses. This is where the lag seems to be created.



    All I read into this is that large files that have the lag take so long to complete that they appear to just stop. I guess if left long enough (and who knows how long this would be, it depends on the file) then the download would finally complete.


    And here's some more tests I've done scanning the Google SketchUp 7-zip SFX file....

    On-demand scan /w self-extracting archives option enabled
    21 to 25 seconds, 3 objects scanned (archive + 2 files it contains)

    On-demand scan /w self-extracting archives option disabled
    0 seconds, (no internal scanning done)

    On-demand scan of folder containing files extracted from archive with WinRAR
    0 seconds, 2 objects scanned.
    The 2 files are a 41.7MB .msi (windows installer) file and a 368KB setup.exe file.

    I think the results speak for themselves.

    EDIT: BTW, the WinRAR extraction of the Google Sketchup file takes approx. 6 seconds
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, the lag is the problem, and due to the fact, that that's what is causing the downloads not to finish and to give an error.

    The downloads don't seem to just have stopped. After a very long lag, which represents the time of EAV scanning it, the download will become broken.

    If there servers, where you got the file from, allows resuming, then, maybe, one could still finish the download. Maybe. I don't know. What I do know, is that, I tried and I tried, and, the result was always the same - a very long lag at the 99% (which gives the idea the downlod has just stopped) and then broken download.

    It doesn't just give an impression that's it's broken, it is broken.
     
  22. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Yes, maybe the server needs some feedback to confirm the file transfer has completed. Then the lag maybe causes a timeout to be triggered in your case. I don't know for sure, just guessing.

    I just hope Eset can sort this unpacking problem out, because it is definitely not normal behaviour for an app.
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    In case of large archives it's normal to observe a several seconds delay. As soon as the download has completed, web protection unpacks the files to the disk and scans each file before the archive is passed to the application that downloaded the archive. I assume setting a size limit in v4 would work for you if you often experience this problem.
     
  24. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Does anybody else have 7-zip to test with?

    I haven't but I'm interested...

    Cheers :)
     
  25. UglyChild

    UglyChild Registered Member

    Joined:
    Mar 8, 2009
    Posts:
    15
    I did download Google Sketchup from the link above, and i did get almost same issue with download stopping at 99% for about 10sec. Then the file gets scanned for about 6-8sec. Then i can use the file.

    I repeated this process 3 times just to see what happens and it did same thing 3 times in a row. I never had this issue with NOD32 V3. But i do have this delay with V4 now. No CPU spikes though.

    V4 Beta did not have this "issue".



    Whats interesting, is that it doesn't happen to every file i download. As a test, i downloaded iTunes+QuickTime package from apple.com, and it never stopped at 99%, no did it perform a scan of the file. It downloaded the file perfectly with out stopping.




    NOD32 V4 64Bit
    Vista Ultimate 64 Bit
    FF 3.0.7
    Intel Core Quad.
    8GB of RAM
     
    Last edited: Mar 8, 2009
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.