tc330

Hello, sorry, but your answer isn't helpful...! It isn't possible to change every client software in real life, if there will pop up some failures in relation with the usage of ESET. Without ESET antivirus no application failure appears...., so I see the resolution on ESET side and not on client application side. We can't change all existing software in our company, because ESET is doing something strange and the software can't handle the normal functionality of other needed software and it isn't possible to configure the antivirus in the way to do so! To say see check your client software is not acceptable for me..! Regards

Hello, maybe as additional info we are using Windows 7 embedded on the client. Something seems for me to be equal as with the last issue I mentioned here..., https://forum.eset.com/topic/879-problems-with-exclusion-of-files-fold ?! At least the antivirus makes something what I don't understand...?! Regards Thomas

Hello, ... thanks that you will be in my thread again! The excluded folder settings / functionality seems to be working with the eicar test file in general. So if I put the test virus in the mentioned client application folder it's not cleaned and I don't get a virus message. If I put it somewhere else (outside the exclusion) both things will be done. Also if I exclude the hole c:\*.* it seems to be working. But if I let the c:\*.* exclusion active and I run the client software I still have the error. Of course something is coming from client software, but I'm also sure that something is related to ESET antivirus! As I already explained, if I deactivate the ESET antivirus the client software is working without getting the error. So ESET has to be involved..! How can I make a deeper analysis what is going wrong from ESET side or how can I define a workaround from ESET side? Regards TC330

Hello, in the meantime we are using ESET Enpoint Security (Version 5.0.2254.0) in our company. I see again a strange issue on a client software we are using in combination with ESET. If the Antivirus protection is enabled we got an error, if it is disabled we don't get this error. By the way we found also during the failure investigation that we can also avoid the error, if we don't enable the "debug flag" (with this flag the client software is logging more information) for the mentioned client software. So with enabled debug flag (which should the default setting / usage for the client software) and the activated ESET antivirus protection we got the error! I have excluded the hole client directory (see attachments), but it seems that ekrn is still something doing with some files from this directory. Why is this the case....? Regards TC330

Hello, I have to say thank you to all (ecspecially to Marcos) who gave feedback and answers to my questions....! Many thanks for your support..! The issue is now clear, but not really satisfying because both options (upgrade operating system & change the client app) aren't realizable without much changes, costs and work. Regards TC330

So that means the ESET real time protection is blocking something, due to the fact that we use Windows XP (with technical limitations in this case) and our application handling files with 2 threads without having the mentioned ekrn access in the process monitoring log visible? So also the proposal to try again with v7 doesn't make sense anymore? Regards

Hello, @Marcos some explanation and a question from our client software programmer: "For sure, there are two threads opening and writing to tempres.bin (from tester client software) while tests are running. Those two threads certainly do attempt to open the file at the same time on many occasions. Normally, this is allowed as both threads open tempres.bin with full share access mode. The file can be opened for writing and for reading by another process unless the other process requires an exclusive access. As both threads give full share access everything goes well. Is it possible that ESET is somehow hijacking the CreateFile call and alters the file share mode effectively preventing the two threads from sharing tempres.bin? The Process Monitor log shows such a CreateFile call at 15:20:25.0675796. The ShareMode shown in the properties is set to Read only. I double checked the source code and I can say the tester software never exclusively opens a file during production. " Maybe it will help you for further investigations..? Do you have access to ESET programmer or are you a ESET programmer? I don't know the escalation process in this ESET forum, maybe you can tell me how it will look like . Regards

The current log files (download link send to you via pm) were created with a ESET smart security version (v 6.0.316.0) on Windows XP machine. I will try your proposal with the v7 again. To be sure you would like that I use again the beta v7 version, which you have posted in one of your answers? Regards

Hello, ok.., I don't have so much experience with ESET and such failure analyze! But please explain me why this client software error only appears when ESET smart security is installed and the real time scanner isn't deactivated? Regards Thomas

Hello, I have added a further detailed pdf in my download area..., please have a look. Yes you are right, you don't see ekrn opening something at 15:20:25.059, but you see a "SYSTEM" event and when you open this system event you see some 4 ESET services running (epfw.sys, epfwtdi.sys, eamon.sys & epfwndis.sys). I don't know what they are doing and if they can be responsible for the problem. The programmer of our client told us that there should be the problem and something is coming from the ESET services. So that means in your point of view, that this opinion should be wrong? If it is the case then I don't understand why we don't get this client software error message when ESET realtime protection is deactivated! ESET must have something to do we this initial problem! Nevertheless I will try your further proposal with the additional exclusion for C:\Documents and Settings\*.*, C:\WINDOWS\Temp\*.* and c:\*.* Regards

Hello, the bin exclusion (point 1.) doesn't help also with the last ESET smart security version (v 6.0.316.0). @Marcos I have additional created a process monitor log file (point 2.) and send you the download link via private message. The problem occurs at 15:20:25.059 and I'm wondering first why I don't see at this time anything from ESET (as process name) in the log file. The programmer of the mentioned client software told me, that I don't see something from ESET as process name because the ESET services are running and therefore the process name is "SYSTEM". Are you a ESET programmer? Is it the case that in such situations I only see in this "SYSTEM" properties from the process monitor log file some ESET services activations? Regards TC330

Hello, as I said I will 1.) test again Arakasi's proposal with the "bin" exclusion and I will use the lastest official ESET smart security version (v 6.0.316.0). If there isn't any difference between exclusion handling of the mentioned versions, the standard troubleshooting technique is fulfilled and we should not waste time with this version issue. Additionally I will 2.) create during this test (exclusion file and folder + exclusion "bin" extension) a Process monitor log and provide you this generated log files. Till now many thanks for the feedback / help! Regards TC330

Hi, no we don't have a current license for ESET Smart Security Buisness Edition, only the the normal ESET Smart security version. I have also tried the last proposal from Arakasi on the old versions (v4 & v5) in the past, because this seemed for me also a logical way - without success! Never the less I will make this test also again with the newest Smart security v6 and provide feedback when I have results. Again my question if there is a real chance to avoid the problem with the ESET Endpoint Security? Is there a difference between handling exclusions between both versions? Regards Thomas

Hello, I have tried in the meantime many ESET versions. Is there a real chance to avoid the problem with the ESET Endpoint Security? I'm currently more focussing to a solution with the existing version I have. Regards Thomas

Hello, the v7 beta version in evaluation mode is crashing during the first usage.., afterwards no configuration menu appears after the input of the password which was imported with a earlier configuration file from previous version (v4 or v5). So this test wasn't successful...! Afterwards I install the latest official Eset smart security (v 6.0.316.0) and use it also in evaluation mode. This version is principle working, so it's possible to change the configuration. 1. Does ESET have the same functionality in evaluation mode as after the activation? The problem is that I still have my same problem also with exclusion of the tempres.bin and the hole database directory in this newer version 6. 2. Any further ideas...? @Arakasi I have tried this way for getting further information concerning that problem directly after the issue appears some weeks ago. Except the client application I can't see anything else which have also this file in use during the exact point of time when the problem pops up. Regards

Hello, exactly.., we don't have a busines / endpoint license. As additional info, in the past I also try a version 5 of Eset smartsecurtiy and also the mentioned exclusion on both older versions without success. I will try your mentioned beta v7 version and also again with the exclusion, afterwards I will share the results in this thread! Regards

Hello, we are currently upgrading many clients in our company to ESET smart security. On many types of clients the software is working as expected without any problems, if we exclude the main used related application. But on one client type (with a special application) we see a strange issue if the real time protection is activated and the application is running. In this special case (ESET real time protection is activated & application is running) we got from time to time an error message (Cannot open the temporary file c:\Database\tempres.bin with error 32: The process cannot access the file because it is being used by another process.) from the application that it seems that this file is already used by another application. In my point of view it can only be the ESET real time scanner, because if we deactivate ESET real time protection nothing simular happen anymore. I try to exclude the mentioned files and also the hole directory where this file is located, but without success..! It seems for me that the exclusion of ESET in this case is not working well..?! Can somebody professional give me technical information how I can avoid such a behaviour. Thanks in advance...! Regards TC330