Very Slow Scanning of CHM Files

Discussion in 'ESET NOD32 Antivirus' started by wraithdu, Jun 10, 2008.

Thread Status:
Not open for further replies.
  1. wraithdu

    wraithdu Registered Member

    Joined:
    Jul 22, 2007
    Posts:
    21
    Since about a week or so ago, NOD32 3.0.657 has been extraordinarily slow when scanning CHM files (help files). This is especially prevalent with the AutoIt help file since it contains several thousand compiled html files. And it seems to rescan this file each time I browse to a new page in the contents panel.

    What's the change and why? This is so very very annoying. And why doesn't NOD32 do some sort of optimized realtime scanning so it doesn't rescan the same files over and over again? I thought it did this already with some sort of MD5 or CRC hashing (ie the "Optimized scanning" option which it seems to happily ignore)?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    CHM files are scanned only by the on-demand scanner. I've tried to scan the same CHM file here, but didn't notice any problems. Try emptying the temp folders, if there are thousands of files it may take more time to extract the archives when being scanned:

    Scan Log
    Version of virus signature database: 3175 (20080611)
    Date: 11. 6. 2008 Time: 5:39:35
    Scanned disks, folders and files: C:\Program Files\AutoIt3\AutoIt3.chm
    Number of scanned objects: 530
    Number of threats found: 0
    Time of completion: 5:39:37 Total scanning time: 2 sec (00:00:02)
     
  3. wraithdu

    wraithdu Registered Member

    Joined:
    Jul 22, 2007
    Posts:
    21
    The bigger CHM is the UDFs3.chm file, about 1800 files I think. I have bumped up my realtime scanning settings, so that may lengthen the time to scan.

    But my real issue is that the "Optimized scanning" option seems to have no effect. The On-Demand scanner still scans that CHM everytime I open the help manual (AutoIt3Help.exe). How does Optimized scanning supposedly work? Keep a database of CRC's or something?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The "Optimize scanning" feature is employed by the real-time protection only. The larger chm file was scanned in 6 secs. which is a reasonable time given that the archive consists of 1819 files.

    Scan Log
    Version of virus signature database: 3175 (20080611)
    Date: 11. 6. 2008 Time: 8:16:38
    Scanned disks, folders and files: C:\Program Files\AutoIt3\UDFs3.chm
    Number of scanned objects: 1819
    Number of threats found: 0
    Time of completion: 8:16:44 Total scanning time: 6 sec (00:00:06)
     
  5. wraithdu

    wraithdu Registered Member

    Joined:
    Jul 22, 2007
    Posts:
    21
    Oh shoot, I'm sorry. I didn't mean to say On-Demand scanning in my above post. I was referring to the Real-Time scanner. The RT scanner scans that file every time I open it.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The real-time scanner does not scan inside chm files as well as other archives. I'd suggest using Filemon or Process Monitor from Microsoft to monitor the file system operations being carried out at the time the slowdown occurs.
     
  7. wraithdu

    wraithdu Registered Member

    Joined:
    Jul 22, 2007
    Posts:
    21
    I can pretty much guarantee it's the real-time scanner, since I can see ekrn.exe running at 50% (dual core proc) when this happens.

    I'm still running the default extension setup which has NOD32 set to scan all filetypes. I've always run it this way, so it's strange this would only start happening last week sometime.
     
Thread Status:
Not open for further replies.