Jesposito

Does it look ok like this ? I prefer the last workaround. Deploying the patch for Windows Filtering Platform can't be automated easily. I run into the issue at the beginning of v6, where the Agent was freezing my W7 with EES and I had to take a look at this MS HotFix.

Thank you @Marcos , I'll check your solutions. This is an history for you. When I 1st installed the EFSW on all my servers, I had 80% of them taking 100% CPU Friday afternoon starting almost the same time. I deployed EFSW during 2 or 3 days during this week. It took 1 hour to the entire week-end the get all servers CPU return to normal. Some weeks later EFSW did the same thing, and take again the entire system unresponsive. I had no choice than uninstall it. When ESET release a new version I deploy it on test servers and every time I'm getting problems with the CPU, but they don't start this together anymore. That's a good improvement. We had a security audit and the most important problems is the antivirus on servers and Web application using HTTP. They broke through the Windows security and stole all domain admin password because of no antivirus. HTTP is not related to you, but they stole credentials using man in the middle. We are deploying new hardware at this time and I have 5 Windows 2012 R2. They are not in production for now. I installed EFSW on them. There is no problems.

I am replacing Windows 7 by Windows 10 and the more days pass, the more urgent it becomes. I can disable the presentation mode, but if I do this, what is the purpose of such a mode? I think it could just be a temporary workaround.

I really need to protect my servers with an antivirus solution. For now I can't use EFSW. There is no such problem with EES on Windows 7/10. This is working great. For administration purpose, I prefer to use the same antivirus editor on PC and servers. Today I'm challenging you to achieve this goal : Make an ESET antivirus compatible with live environment without breaking my whole server farm at a random time.

Any news ? I'm still at 100% CPU.

Thank you @Marcos. I'll work like this until v7 is released.

Thank you for your anwsers. Do you confirm that the configuration option for PCU are not working ? I think updating with dynamic group is a bad idea for those reasons : When v6.5 is out, I have to change my dynamic group by hand to change version number and change by hand my installation task to select the latest EES version. This is not really automatic. Task are executed on dynamic group when the computer is 1st added to this group. If for example I had Windows Update, the installation will fail saying that the computer is waiting for a reboot and will not retry to update ESET product. Am I right ?

Hello, Since v6 ESET product don't update component automatically. It was a bit hard in v5 to update "PCU", but that was working well in automatic. I can't do the same with v6. I have to push new install every time. I still have some EES v6.2.2021.1 on my network. I would like to stay up-to-date as I did with v5. I don't have this problem with ERA Agent because I do GPO software installation. Application name Application version Count ESET Endpoint Security 6.2.2021.1 4 ESET Endpoint Security 6.2.2021.2 62 ESET Endpoint Security 6.3.2016.2 8 ESET Endpoint Security 6.4.2014.2 12

Hello, How can I prevent ESET Endpoint Security 6.4.2014.2 to start presentation mode when Windows 10 lock screen is displayed ? I would like to keep automatic full-screen switch for presentation mode.

ekrn.exe is opening the folder "C:\ProgramData\ESET\ESET File Security\Diagnostics" 10 time per seconde. It is not doing such a thing on a fine running server. It read the disk punctually.

The 2nd server is still at 100% CPU. This is the one where I can't collect the ESET logs. Tell me if you want to do further analysis on this server before it crash.

Here is the ESET logs for the 3rd server. @MarcosPML is on PM (3,7Gb unpacked) efsw_logs3.zip

Different error on ESET log collector for the 2nd server : [16:37:21] === Network configuration === [16:37:21] Exporting... [16:37:31] ERROR: Failed to execute IPCONFIG command I am sorry but I can't provide you the Eset logs for this server. I will try with the 3rd server.

Another server have ekrn.exe at 50%. Same configuration : latest EFSW and Win2008R2 I am also collecting logs for this server.

It failed again : [16:17:23] === Running processes (open handles and loaded DLLs) === [16:17:23] Exporting... [16:22:23] ERROR: Failed to execute the 64bit process info dumper executable [16:22:23]

Both procmon logs and ESET log collector have been running while ekrn is about 50% CPU. PML is not corrupt. I PM @Marcos ESET log collector failed. I try again with realtime process priority on log collector.

We did not have to wait long. Another server is using 100% CPU (~50% ekrn.exe). @filips this is the last version EFSW 6.4.12004.0 also on Win2008R2 I am collecting the logs but it is hard to work with 100% CPU...

Marcos, This is the Eset log collected for the last 5 days. I pm you with the procmon link. efsw_logs.zip

I found this in event log "System" The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. That explain why the CPU is back to normal and the RAM drop.

My pc crashed (Win10) and after all the windows update the ekrn.exe on the server was back to 0% when I reconnected. I had the time to capture the procmon log (1 minutes = 1Gb) during the issue. The ekrn RAM went from 200Mb to 125Mb. I will collect the ESET logs.

This would make my day

Thank you filips but I have this issue since I upgraded from v5 to v6. Something must be wrong with my OS 2008 R2. It appear to run fine on 5 servers with 2012 R2 that we installed last November. None of my 30 servers 2008 R2 are running fine. I really doubt that the last version will fix it.

Thank you Marcos for your fast reply. There is no on-demand scan running. If I turn off the real-time protection and the CPU go back to 0%, how will we find the root cause ?

Dear support, I am using EFSW 6.3.12010.0 on Windows 2008 R2. ekrn.exe is consuming 40% of the CPU since 3 days on a server. I had the same problem with EES before I moved to EFSW. Once a week ekrn.exe was consuming the CPU of all my servers, leading to big problems. That's why I do not install ESET product on production servers. Help to find what is happening to correct this issue. AthenaGS support is turning me crazy since 1 year. I think you would easily understand that I need to protect all my servers with an antivirus. I do not understand why it is consuming this much CPU, like if it were running a task, but nothing is visible in the GUI. The CPU is still consumed, contact me quick before it go back to 0%. Best regards, Jonathan ESPOSITO Deputy IT manager