Marcos
-
Posts
36,872 -
Joined
-
Last visited
-
Days Won
1,464
Posts posted by Marcos
-
-
157 MB allocated by ekrn.exe is a pretty normal value but 1 GB reported by the OP is not.
When playing games, your CPU is used to the maximum extent which increases its temperature and the fan speed. Do you mean that with protection paused or after uninstalling ESET the fan remains silent while playing resource-intensive games?
-
The problem seems to be with the deployment token. I'll request syncing the license which should fix it:
ECPRequestMessageGetDeploymentToken request failed -
The detection should be correct. You should be able to confirm it using Wireshark and the arp.duplicate-address-detected filter.
You can set up an IDS exclusion for an IP range to be excluded from detection of identical IP addresses.
-
We don't need a dump from a point when the memory usage is normal so please wait a bit until it grows above the standard usage.
-
It happens when a browser is running at the time when a new root certificate is generated (e.g. when SSL filtering is turned on or when ESET is installed). We try again to add it to the trusted root CA certificate store after a reboot if previous attempts failed.
-
It is weird that Windows Defender (msmpeng.exe) is running. This service should not run after you install ESET and real-time protection gets activated.
Try uninstalling EFSW and installing it from scratch. Make sure that the above process is not among running processes then.
If you notice that ekrn is consuming too much memory, in the advanced setup -> Tools -> Diagnostics select the full application dump from the menu and then click OK. Then click Create (dump) in the same window to generate a compete application dump of ekrn.
Finally gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link. I would also recommend raising a support ticket and providing them with the generated archive as well.
-
Did you use a Run command task from the ESMC console?
https://support.eset.com/kb7277/
Individual security features can be enabled and temporarily disabled with the ERA Client Task Run command. The commands do not override policy settings and any paused settings will revert back to its original state after the command has executed or after a device reboot. To utilize this feature, specify the command line to run in the field of the same name.
-
In the advanced setup -> Tools -> Diagnostics, select to generate complete application dumps and click OK. Then open the Diagnostics setup again and click Create (dump).
Next, gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link.
-
Do you mean that the application is detected even if disabled in the system application setup?
-
Please try the following:
- disable SSL/TLS filtering in the advanced setup
- reboot the machine
- without launching any application, re-enable SSL/TLS filtering. -
If it's not ekrn.exe or egui.exe process that consume much memory, it's unlikely that the problem would be caused by ESET.
-
I overlooked that you had ESS v7. Please uninstall it and install ESET Internet Security 12.1.34 from scratch. Let us know should the issue persist.
-
Would it be possible to provide us with the container so that we can look into it? Also I strongly recommend upgrading Endpoint v5 to the latest version 7.1 for maximum protection, to make sure that it works alright with current OS's and that possible issues would be fixed. According to https://support.eset.com/kb3592/, it's in the phase of basic support which means:
- Availability of regular engine module updates
- Availability of module updates is not guaranteed
- Product is no longer available for download from ESET download servers
- Technical support is no longer available, no bugs will be fixed
-
Please post the url which is detected in an obfuscated form so that the link is non-clickable.
-
Please create a demonstration video. I was unable to reproduce it with v12.1.34.
-
It's weird, interactive dialogs stay on the screen for 30 seconds if I remember correctly and this cannot be configured in settings.
-
We extensively test our products with Insider preview builds so that our products are compatible with new versions of Windows 10 when officially released but have not encountered the issues you've mentioned. Unfortunately, without a memory dump or reproducing the issue on our end we cannot pinpoint the issue.
-
There shouldn't be any issues. However, copying files to a machine running another AV may be slower if it takes longer for the AV's real-time protection to scan it on create or access.
-
Have you repeatedly verified that the issue occurs after modules from the pre-release channel are installed and goes away after going back to modules from the regular release update channel?
-
First of all, Endpoint and specifically ESMC agent was not designed to report to different ESMC servers.
As for updates from different locations in different networks, it's possible to create two update profiles with different update servers set and then use them as a primary and secondary update profile for an update task.
-
Please provide the trace log from the ESMC server in a compressed form.
-
The Windows folder contains many more files than other folders so it's normal that scanning it takes more time that most of the other folders on the disk.
-
What file did you scan and what is the size of the file? Please provide a Procmon log from such scan.
-
Please provide ELC logs from the machine. This error typically occurs if there's a software installed or device in the network or at your ISP that manipulates the traffic and renders it corrupted.
Beforehand, enable advanced logging under Help and support -> Details for technical support, then run manual update, disable advanced logging and finally collect logs with ELC.
The status for driver eelam (eelam) remains Stopped
in ESET Products for Windows Servers
Posted
That is correct. This driver should remain in the stopped state.