Windows Freezes periodically with Protection on!

Discussion in 'ESET Smart Security' started by gnome1919, Mar 8, 2012.

Thread Status:
Not open for further replies.
  1. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    I've used ESET for about 6 years. recently I've switched to Windows 64bit and therefore to ESET Smart Security 64bit. But my system started to freeze periodically - with protection on - which sometimes takes about 1 minute to go back to normal operation. I have searched this forum and ESET support center but all I could find is to download a Hotfix from Microsoft which may help solving my problem, but all to no avail! Please Help me, Thanks.

    OS: WIndows 7 64bit SP1
    Product Ver.: ESS 64bit 5.0.95.0 English
    Installed Modules:
    Virus signature database: 6951 (20120308 )
    Update module: 1037 (20110921)
    Antivirus and antispyware scanner module: 1342 (20120220)
    Advanced heuristics module: 1121 (20111208 )
    Archive support module: 1140 (20120210)
    Cleaner module: 1053 (20120120)
    Anti-Stealth support module: 1026 (20110628 )
    Personal firewall module: 1071 (20110912)
    Antispam module: 1016 (20101208 )
    ESET SysInspector module: 1221B (20110623)
    Real-time file system protection module: 1004 (20100727)
    Translation support module: 1024B (20110809)
    HIPS support module: 1026 (20110725)
    Internet protection module: 1019 (20110622)
    Web content filter module: 1009 (20110705)
    Advanced antispam module: 1016 (20110728 )
    Database module: 1016 (20110726)
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    Do you have MBAM installed? If you have realtime protection enabled it will do this. It is probably a conflict with something you have installed.
     
  3. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    thanks for your reply xxJackxx. If you mean "Malwarebytes' Anti-Malware" by "MBAM", No I never install any anti-malware or firewall alongside ESS as it does all the work itself.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    any errors or warnings in event viewer (system) logs
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The best would be if you could generate a complete memory dump as per the instructions here at the point the system freezes. I assume you've already tried installing this hotfix for a bug in WFP, haven't you?
     
  6. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    Hi Cudni,
    I have checked all log files and there was nothing unusual.
     
  7. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    Thanks for your reply Marcus,
    I will try to complete memory dump when system goes to "no responding state" but there are two questions:

    1-Is it useful to do so? Because my system goes to "not responding state" or "frozen state" just for a period of time like about 30 seconds or 1 minute not for a long time that makes me to hard reset my computer (as I said in my first post).

    2- After I perform a complete memory dump (in not responding state) how can I find the problem if any exist?

    And about the hotfix; Yes I have installed that hotfix from the sticky post on the forum (As I said in the first post too)
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ok, so first of all please narrow it down to the particular module involved in the interim lockups.
    1, disable HIPS and restart the computer
    2, switch firewall integration to "Only scan application protocols" and restart the computer
    3, switch firewall integration to "Personal firewall is completely disabled" and restart the computer
    4, disable automatic start of real-time protection and restart the computer

    Does the issue goes away after carrying out some of the particular steps above?
     
  9. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran

    Hi again,

    The step number 2 resolved the issue to some extent, but after the last step (I mean stopping AV real time protection module) the problem solved completely!! Any idea?!
     
    Last edited: Mar 9, 2012
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ok, so enable firewall integration now. In the IDS setup, enable logging of blocked connections. When the system appears to have frozen, check the firewall log for information about blocked connections from that time and paste it here.
     
  11. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    Ok, it seems that it has some issue with NETBIOS! I paste the log here:

    3/9/2012 3:44:04 PM Communication denied by rule 192.168.1.10:138 192.168.1.255:138 UDP Block outgoing NETBIOS requests System
    3/9/2012 3:43:58 PM Communication denied by rule 192.168.1.10:137 65.55.53.190:137 UDP Block NETBIOS Name Service requests System
    3/9/2012 3:43:58 PM Communication denied by rule 192.168.1.10:137 65.55.53.190:137 UDP Block NETBIOS Name Service requests System
    3/9/2012 3:43:58 PM Communication denied by rule 192.168.1.10:137 65.55.53.190:137 UDP Block NETBIOS Name Service requests System
    3/9/2012 3:43:51 PM Communication denied by rule 192.168.1.10:137 192.168.1.255:137 UDP Block NETBIOS Name Service requests System
    3/9/2012 3:43:51 PM Communication denied by rule 192.168.1.10:137 192.168.1.255:137 UDP Block NETBIOS Name Service requests System
    3/9/2012 3:43:51 PM Communication denied by rule 192.168.1.10:137 192.168.1.255:137 UDP Block NETBIOS Name Service requests System

    By the way, as I wrote in the last post, the problem seems completely gone after performing last step (Disabling AV module).
     
  12. gnome1919

    gnome1919 Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    7
    Location:
    Iran
    I found something weird!
    When protection is enabled (I mean AV not firewall), the Winamp volume slider is lagging drastically when I try to change it by mouse roll (rolling middle click of mouse which changes the volume slider position in Winamp main window)!! Any idea?!
     
    Last edited: Mar 9, 2012
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please create a Process Monitor log from the point when the issue occurs with real-time protection enabled, upload it somewhere and PM me the download link.
     
Thread Status:
Not open for further replies.