What is ekrn.exe doing using up my bandwidth?

Discussion in 'ESET Smart Security' started by helaku, Feb 7, 2008.

Thread Status:
Not open for further replies.
  1. helaku

    helaku Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    2
    Hello, I've been using ESET Smart Security without any problems for a few weeks. However, for the last couple of days ekrn.exe is constantly accessing u20.eset.com for no obvious reason and thereby using up bandwidth that I'm paying for.

    Could anyone explain to me, please, what is going on and how I can stop this?

    (screenshots of settings and connections attached)
     

    Attached Files:

  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I guess another program has downloaded something via http and the traffic was subsequently routed via ekrn
     
  3. helaku

    helaku Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    2
    What can I do to stop that?

    Without downloading anything the MB figure under Received increases slowly while the Local IP increases constantly one by one; for example
    0:0:0:0:1778
    0:0:0:0:1779
    0:0:0:0:1780
    0:0:0:0:1781
    0:0:0:0:1782

    I can reboot and as soon as I'm online the above process starts to cycle through the Local IP addresses and the Sent and Received figures start to increase.

    When I set the option "temporarily deny communication for the process" for ekrn.exe I cannot access the internet.

    Can anyone shed light on what is going on, please?
     

    Attached Files:

  4. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    I had the same problem with EAV.

    Simply...use another rule based firewall (without hard coded rules) and block ekrn.exe only to 89.202.157.130.
    Or wait for ESET to remove hard coded rules from ESS and do the same thing :D
     
    Last edited: Feb 7, 2008
  5. technobeetle

    technobeetle Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    2
    This is strange. I run NOD32 v3 and CFP v3, and Comodo attributes my FlashGet traffic to ekrn.exe

    CPF traffic monitor:
    cpf.JPG

    Meanwhile, FlashGet:
    flashget.JPG

    o_O
     
  6. technobeetle

    technobeetle Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    2
  7. ASpace

    ASpace Guest


    As far as I know 89.202.157.130 is an ESET server -> u20 , no longer used for updates. It is impossible to be ^something else^ downloading from u20.eset.com ... ?

    It must be either ESS trying to update or ESS submitting info for ThreatSense.NET ....? But 25 Mbs received is too much ...
     

    Attached Files:

    Last edited by a moderator: Feb 23, 2008
Thread Status:
Not open for further replies.