RCK

    RCK received kudos from Mirek S. in AV is blocking loading webpages   
    Hello guys,
    Okay, I removed (from safe mode) EEA with esetuninstaller.exe, then reinstalled my usual 5.0.2272.7 x64 on my Win7.
    Then I went to > advanced configuration > computer > HIPS > [uncheck] Selfdefense, and I performed a virus database update, then I rebooted.
    With Selfdefense OFF, I tried to perform a procdump and it froze Windows, no dump file was written to disk, and I just totally lost control over the operating system.
    I tried multiple times to generate a dump with Selfdefense OFF, but it just totally freezes Win7 (with / without "-e 1", "-ma", "32/64 procdump.exe", etc.)
    So I decided to enable Selfdefense again and start the command "procdump.exe -ma -s 10 -n 720 ekrn.exe" to have one dump every 10 seconds (because with Selfdefense ON, I can't use "-e 1" unfortunately).
    I also ran "process monitor" and waited for the issue to reproduce.
    I feel that when the exception occurs, EEA is performing one of the startup scans, because I can see the ESET icon turning in the taskbar, and the overlib speaks about startup scan, not virus database update.
    Could it be related to memory?
    This startup task is eating a lot of RAM (1.7 GB!), maybe there is some kind of infinite loop here.
    About the dump, the more memory EEA was using, the fewer dump files I could generate (see screenshot, "Error writing dump file: 0x8007000D").
    One more piece of information: once the ekrn.exe engine is broken, disabling AV from the GUI is useless, but I can have internet access again with the following settings modifications:
    USELESS = advanced configuration > internet & mail > protection of web access > HTTP & HTTPS > [Uncheck] Activate control
    USELESS = advanced configuration > internet & mail > protocol filtering > [Uncheck] Activate content filtering
    FIXED = advanced configuration > internet & mail > protocol filtering > [Uncheck] System integration
    So finally, I was able to trigger the bug and have a 1.3 GB dump before and a 1.9 GB one after the freeze. Let's hope it will help.
    I also have one whole 4GB logfile from ProcessMonitor.
    Please find my complete debug session files (14GB) at the following URL (it's one ultra 1GB 7z file with 512MB dictionary RAM compression):
    hxxp://tmp.zool.fr/tmp/eset/20200713_NoOutgoingPacket.7z
    Thanks!


