shadowflex

I ran my PC today without ESET just to make sure it wasn't something else and I obviously didn't experience the issue. I'll reinstall it and exclude the drives to see if this is the solution.

Yes, it's set to complete memory dump and I modified the registry so I can manually create a crash, but no file is written, only the pagefile gets bigger. I think I read some articles about the pagefile being encrypted which prevents a dump from being written, but I'll have to investigate further.

I should've mentioned that my NAS is custom, not from a brand. It's just a PC running Ubuntu with Samba configured for the drives, nothing fancy. I've not touched it's firewall or anything else.

I tried to do it twice following the guide, but it doesn't create a dump file, only makes the pagefile large after reboot. It's not listed in local connections. I changed the profile to private today, it used to be automatic. I've set it to public.

I'm not entirely sure it's because of these blocked communication, because it's happening again right now and it shows zero blocked communication. It probably happened the first time because of me plugging and unplugging the network cable. If it happens randomly it doesn't show any blocked applications.

Yeah, I could barely open it though before the application froze, multiple windows services like svhost etc, get blocked up to 700 times. I seem to be able to reproduce it by unplugging and pluggin my network cable, after which this abnormal network activity starts. Some applications on my computer completely freeze when this happens, such as the eset gui.

It happened again with HIPS disabled, I tried twice to enable and disable it, restarted my computer both times. The high traffic always comes from ekrn.exe. It completely saturates my 1gbit connection to the point where I can barely do anything browser related.

After disabling network drive setting, I still got the same behavior with high network usage shortly after.

I believe I may have enabled it a year ago or so. It didn't create any issues until like a week ago when this started to happen. I haven't setup any exclusions related to the NAS. I'll disable the network drive option and wait a day or so to see if I can trigger the behavior again. Do you think it's safe to leave it off in my case?

Hi, I have a NAS server connected to my local network and have three mapped network drives in Windows. Sometimes randomly and sometimes when I transfer files from/to these drives, ESET service process in task manager shows 100% network usage and my browser slows to a crawl, can barely open a web page. Any application such as file explorer which uses the drive being scanned stops responding. I suspect if I disable real time scanning for network drives the issue will go away, but that poses a security risk since I often download risky files to this NAS. I'm linking the .zip OS advanced logs and diagnostic dump I've collected during one such event.: https://mega.nz/file/gkxyiZaQ#AvpUtUH6zrSkY-ccyz7QofDnhD_cbWKLkH5p5J4_qVk