
MRutkowski

Posts posted by MRutkowski

  1. 17 hours ago, Marcos said:

    Also I'd like to mention that disabling protocol filtering must prevent network communication issues. If not, the issue must be unrelated to the issue discussed in this topic.

     

    It does indeed. The network problems are gone. However the scan itself doesn't complete now on this one machine.

    So it's not necessarily related to the network problems, however the problem is only partly solved by the patch. It was just an attempt to warn you that the patch might not work on every machine as you probably at least want to recheck that.

  2. After further testing of the patch, we have a computer where it resolves the network connectivity issues; however, the startup scan doesn't finish. Said computer is running Windows 10 1809 with ESET Endpoint Antivirus 5.0.2272.7 and the patch provided yesterday (Cleaner 10001). Memory usage is about normal compared to the other computers I have seen.

    The known workarounds of disabling the system integration or disabling HTTP scanning don't resolve the network issues (without the patch). With the patch the scan doesn't complete. Disabling the startup scan/not running it doesn't trigger the network problem, as expected.

    The patch has been installed following the instructions (safe mode, etc.).

    A dump of the ekrn.exe can be found here:
    https://nextcloud.gfz-potsdam.de/s/RKmyta2fQQnMMQN

     

  3. Just now, Marcos said:

    Please don't forget to uninstall Endpoint v5 and install the latest Endpoint 7.3 on Windows 10. Endpoint 7.3 will be most likely the minimum version that will run on Windows 10 21H1.

    We are already prepared for that and will update in the near future after our tests have completed. Thanks for the reminder tho.

  4. 12 minutes ago, Marcos said:

    We will appreciate if you could get the dumps as soon as possible:

    • Create the registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ekrn.exe
    • Under this path create the value DumpFolder of type REG_EXPAND_SZ
    • Set this value to the path on the disk where the dumps will be created. For example C:\dump
    • Create the value DumpType of type REG_DWORD and set this value to 2.
    • Reboot Windows to normal mode
    • Run "procdump.exe -ma -e 1 -n 10 ekrn.exe" as an administrator
    • Reproduce the issue and wait until a dump is generated at the path you have specified before.

    I'm getting an "Access Denied (5)" for ekrn.exe
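
The registry part of the dump procedure quoted in post 4, as an added PowerShell example (not part of the original posts and not ESET's own script). It assumes an elevated PowerShell session and uses `C:\dump`, the example folder from the quoted steps.

```powershell
#Requires -RunAsAdministrator
# Added example: Windows Error Reporting LocalDumps settings for ekrn.exe,
# using the key, value names, types and data given in the quoted steps.
$key        = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ekrn.exe'
$dumpFolder = 'C:\dump'   # example path from the quoted steps; change as needed
$dumpType   = 2           # value given in the quoted steps

# Create the dump folder and the per-process key if they do not exist yet.
if (-not (Test-Path -LiteralPath $dumpFolder)) {
    New-Item -ItemType Directory -Path $dumpFolder | Out-Null
}
if (-not (Test-Path -LiteralPath $key)) {
    New-Item -Path $key -Force | Out-Null   # -Force also creates a missing LocalDumps parent key
}

# -Force overwrites existing values, so the script can be re-run safely.
New-ItemProperty -Path $key -Name 'DumpFolder' -PropertyType ExpandString `
    -Value $dumpFolder -Force | Out-Null
New-ItemProperty -Path $key -Name 'DumpType' -PropertyType DWord `
    -Value $dumpType -Force | Out-Null

# Read everything back and check both the data and the registry value types,
# because a DumpFolder created as REG_SZ or a DumpType created as a string
# does not match the quoted instructions.
$reg      = Get-Item -LiteralPath $key
$problems = @()
if ($reg.GetValueKind('DumpFolder') -ne 'ExpandString') { $problems += 'DumpFolder is not REG_EXPAND_SZ' }
if ($reg.GetValueKind('DumpType')   -ne 'DWord')        { $problems += 'DumpType is not REG_DWORD' }
if ($reg.GetValue('DumpFolder')     -ne $dumpFolder)    { $problems += 'DumpFolder data mismatch' }
if ($reg.GetValue('DumpType')       -ne $dumpType)      { $problems += 'DumpType data mismatch' }

if ($problems.Count -gt 0) {
    throw ("LocalDumps configuration incomplete: " + ($problems -join '; '))
}

Write-Host "LocalDumps configured for ekrn.exe; dumps will be written to $dumpFolder"
Write-Host 'Next steps from the quoted procedure: reboot to normal mode, then run as administrator:'
Write-Host '  procdump.exe -ma -e 1 -n 10 ekrn.exe'
```
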

  5. Hello,

    We noticed that a few of our Windows computers have network issues similar to the ones already described here.
    One Windows 7 and two dozen Windows 10 machines, primarily with update 1909, but also 2004. ESET versions 5.0.2237 to 5.0.2272.

    We can reproduce the network issues by (either automatically or manually) running the "automatic startup file check" under schedule manager on the clients. This explains the different times after a reboot when the problem occurs. ESET seems not to run the scan instantly and runs it a little bit delayed after system boot or, at the latest, on update of the virus signature database.

    The scan then starts and continues to run seemingly without any problems. At some point the memory usage of ekrn.exe drops and at that point outgoing TCP connections are blocked. The scan also doesn't complete and the ESET client is showing the loading symbol in the taskbar.

    A possible workaround I found is to disable the system integration for HTTPS and POP3 scans (via advanced settings on the client). [This obviously disables scanning network traffic, which degrades the overall security. Be warned!]

    I haven't managed to get a dump via the tool described before, but will try again tomorrow.

    I have a screenshot of the running threads attached right after the memory usage drop where ekrn.exe seems to hang. Also a screenshot of the memory usage during the scan.

    threads_after_memdrop.png

    memory_usage_scan.png
