nullcure

Members
  • Posts

    9

About nullcure

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. Esk, please take a look over here. As for your questions regarding NETBIOS and NT Kernel and System, Google is your friend 🙂 You can find so much information on those topics simply by searching the web.
  2. Here we are another 26 hours later and things are still looking great! After another 26 hours passing, EKRN only RW'd another 4.5ish GB of data. To recap, I deleted these large log files a couple of days before noticing them back with a high I\O from ekrn.exe. It appears this time the problem did not return due to changing some of the logging settings reviewed in this thread. I am posting with successful resolution.
  3. So far so good. Things are looking much better, but I would like to monitor the situation another 24 hours to see if the log files end up populating for a 3rd time. EKRN.EXE 15.18GB over 1 day and 3 hours is much better than 8ish TB over 22 hours.
  4. So a couple of days ago I noticed my C:\ was nearly full. (I didn't catch whether there was heavy I\O, as I discovered that part of the problem today.) Anyway, a simple run of WinDirStat was able to show me 6 44GB files, each of them being in the escan log folder. I deleted them a couple of days ago and my SSD space was reclaimed. Today I noticed the heavy I\O, and through troubleshooting in this forum thread I noticed a correlation through procmon to the log file being read over and over, and then I realized the 44 GB log files came back. (The ones in this forum thread.) I deleted them after having to reboot the PC and turn off HIPS: Self Defense and HIPS: Protect Service. With the log file no longer in use I was able to delete it, and it appears that the heavy I\O has ceased. But wait.... Remember? I noticed 6 big log files the other day, just didn't happen to notice if there was heavy I\O or not, and now today there's 2 huge log files back. I will monitor this situation for 48 hours before declaring a successful resolution. Thank you Marcos.
  5. Hmmm, here's a procmon unfiltered capture of 3 seconds. I will attempt to close Samsung Magician and see if the problem is fixed. So I killed off SamsungMagician and stopped the system service; problem persists. So far EKRN.EXE has accessed 8.89TB. I need this to stop somehow. Any more ideas?
  6. I do not see this option here on my Endpoint Security GUI. I am using it in full unrestricted mode. Is the feature you are recommending on the cloud management interface? (P.S. Yes, I looked in Advanced > Logging and other places as well.)
  7. Adding SI - Procmon64 ekrn.exe. It would seem the culprit is with the logging in the application. What setting am I missing?
  8. Please see attached screenshots. Here is the current state of EKRN.EXE. Here is the Total I/O + System Uptime. Besides this issue I have ANOTHER ISSUE with logs quickly becoming 44GB in size, eating up ALL available SSD space. Check this out. Now the good news is, since I'm the one who manages the cloud security, my personal PC is not running the same policies as my client. I'd be quite unhappy if I came to find these same issues on my client's network PCs. Anywho, if anyone can help figure out what setting I'm probably missing here, that'd be great. There was an earlier post about disabling fast boot; however, that's not an option for me. During this time I turned on presentation mode, and after 10 minutes EKRN.EXE stopped with the heavy I\O. As soon as I disabled presentation mode the I\O started right back up. Now I've tried this. And still, heavy I\O. I also tried pausing it too... Still high I\O. Attached is an anon SysInspector generated log: sysInspector_26-07-2022_16-58-41.zip