-
Posts
37,915 -
Joined
-
Last visited
-
Days Won
1,503
Everything posted by Marcos
-
ESS v7.0.104.0 performance issues
Marcos replied to nickster_uk's topic in ESET Beta Products for Home Users
If you look at the performance test closer, they state: Use cases: visiting websites, downloading software, installing and running programs and copying data. That said, it all boils down to what files are used. If large archives or heavily packed files are used, it will take longer to scan them. However, without knowing more details about this particular test, it's impossible to comment on it but generally said, in a real-world scenario ESET is one of the lightest AVs in terms of the system footprint. Also we've been continually working on improving performance of code emulation so that files are emulated by advanced heuristics much faster than ever before. -
If you have an email address in the exception list, it will always be checked for spam regardless of whether it's in the whitelist or not. If you do not receive spam with your email address listed as the sender, removing it from the exception list should do the trick.
-
Check this out for a comparison.
-
50-80 MB is normal nowadays, also given that only the engine with signature database is about 31 MB in size which needs to be loaded in memory. Also memory is used for operations that would otherwise require writing to the disk which speeds us scanning a lot.
-
Reading several files at once from different physical places on the disk would make hard drive heads move forth and back which would actually slow down the scan speed. You can observe the same when copying files simultaneously within the same disk - it takes longer compared to the scenario when only file is copied at a time.
-
does eset detect this malware Cryptolocker
Marcos replied to mantra's topic in Malware Finding and Cleaning
I've seen variants detected only by ESET so the likelihood that the samples you're referring to are detected is quite high. -
does eset detect this malware Cryptolocker
Marcos replied to mantra's topic in Malware Finding and Cleaning
Most likely it's detected as Win32/Filecoder.XX. However, without an exact sample it's impossible to tell for sure and my assumption is based only on searching for the name provided. -
Please post here a complete record from your ESET Threat log containing the full path to the file, the detection name as well as some other information.
-
You'd need to disable real-time protection but this would leave your computer unprotected. It's the role of real-time protection to scan all files that are created or accessed by the operating system or 3rd party applications. Are you experiencing any issue with real-time scanning?
-
Endpoint antivirus, some computers getting bogged down often
Marcos replied to twinstead's topic in ESET Endpoint Products
Does the slowdown occur at the time the clients receive an update? By default, a startup scan is run after an update to make sure no threat is active in memory. Are they systems with multi-core processors or what's the hw configuration? -
You can try v7 but since Windows XP uses legacy drivers and does not support minifilters, it won't make any difference and the issue will occur also with v7. There are basically 2 options: 1, upgrade the operating system to a newer one with support for minifilters 2, make the application open files for writing only in one thread. Making a change preventing the issue from occurring on Windows XP would cause the real-time scanner not to detect malicious files.
-
It's been confirmed by engineers that this issue cannot be fixed in the legacy driver used in Windows XP and older due to technical limitations of the operating system. Issues like this may occur if an application opens files in 2 or more threads for writing and ShareMode read,write. That said, the only solution is to use a newer operating system as keeping real-time protection disabled is not an option. Another solution would be to make the application open files for writing only in one thread in which case the sharing violation wouldn't occur.
-
ESS 7.0.104.0 function not defined
Marcos replied to Faraways's topic in ESET Beta Products for Home Users
Probably it's because I didn't restart after installing v7 beta. Anyway it's not a big deal as long as the Exploit Blocker is functional, which I hope it is, am I right? So this explains the problem. A computer restart is required for the text to be displayed as it was added via a module update so that beta users can test the new feature without making a new beta version. -
I've noticed that sharing violations occur on C:\Database\tempres.bin. Was the Procmon log created with v4, v5 or v6 installed? I assume you're using Windows XP, could you confirm? As for the issue with v7, could you try installing it again, now without importing settings from a previous version? If the problem persists, please create one more Procmon log with v7 installed. In that case, it'd be most likely a known issue of legacy drivers that could only be fixed in the minifilter driver used on Windows Vista and newer.
-
The thing is you're looking at the Web protection settings -> URL address management on the client but in the Configuration editor you have a Web control setup window with rules open. Web access protection and Web control are different features although both allow for blocking URL. While URL address management is a part of Web protection, Web Control is an equivalent to Parental Control in home version.
-
Code emulation is a kind of a task that can only be performed sequentially. It's not that we now have multi-core processors and every single application will benefit from it when performing its tasks. As I wrote, if several scans are run at once (e.g. on mail servers), scanning threads are run by separate cpu cores simultaneously which increases the overall scan performance.
-
ESS 7.0.104.0 function not defined
Marcos replied to Faraways's topic in ESET Beta Products for Home Users
We've been unable to reproduce it. After updating a fresh v7 beta and restarting Windows, the text "Enable Exploit Blocker" is always displayed. -
Updates
Marcos replied to chrlshlmn's topic in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
Regular automatic updates are attempted on an hourly basis by default as long as the computer is turned on. -
If disabling real-time protection actually helps, the only operations performed by real-time protection are those with ekrn.exe process. Other modules do not perform file operations and even network operations are performed by ekrn.exe. I have a long-time experience analyzing Procmon logs and various issues related to ESET products so I'm sure I'm not mistaken