V4 - can I list EVERYTHING being scanned by realtime scanner?

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Hi all,

    I've had numerous nightmares with V4, including three servers which failed to restart (hung at various Boot stages). That'll teach me to be an early-adopter!

    Anyway, my current problem is that people say the "system" is really, really slow compared to yesterday, especially when usign Sage Acconts. I've excluded a whole raft of Sage folders from the scanner, but is there a way to list *everything* that's being scanned, possibly in realtime (or near realtime)? That way I can see if some obscure file is beign scanned every time Sage tried to read a record etc.

    I'll get my head in my hands if I can't resolve this in the next few hours....

    Many thanks,



    Jim
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can find this feature in Protection status -> Statistics -> Real-time file system protection. You said that the problems emerged after installing v4. Do you mean that you didn't have such problems with v3 whatsoever?
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Many thanks Marcus. The trouble with the Statistics screne is that the entries change so quickly. Ideally I'd like a log file which I can then analyse offline, for example to see that C:\XYZ\123.exe is being scanned 10000 times and is really a genuine, home-written, safe application.

    One server that was rebooted this mornign has already scanned 560000 files in realtime.



    We never had any problems with V3 :(



    Jim
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Jim,
    there's a tool called Process Monitor which you can use to log operations performed by specific processes. Just set the filter to include "ekrn.exe" and watch the log for files being accessed / scanned. It should give you a clue as to what is being scanned so you can subsequently try excluding that folder. Please let me know about your findings as we are not aware of any changes between v3 and v4 that would result in such problems. Quite the contrary, v4 should be a bit faster than v3.
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Many thanks Marcos I appreciate your replies. I have used Process Monitor in the past (or Process Explorer) but didn't think to try it for this problem. I will try it now!



    Jim
     
Thread Status:
Not open for further replies.