DonH 5 Posted October 15, 2013 Share Posted October 15, 2013 I download a website backup that is a .tar.gz archive. In other words, it is an compressed file that is compressed again. They are fairly large. 1.5gig or so. The download stalls and times out. Ekrn.exe consumes well over 50% CPU during the download. This is not a self-decompressing archive, so there shouldn't be any harm if the download isn't scanned in real-time. This is a single IP and a single file type. Is there a way that I can be somewhat surgical in excluding those downloads from realtime scanning? Link to comment Share on other sites More sharing options...
Most Valued Members cyberhash 181 Posted October 15, 2013 Most Valued Members Share Posted October 15, 2013 right click on eset icon in system tray and temporarily disable protection Link to comment Share on other sites More sharing options...
Administrators Marcos 4,910 Posted October 16, 2013 Administrators Share Posted October 16, 2013 You can set a limit for scanned objects in the web access protection setup to 500 MB for instance. On the other hand, if you download large files (e.g. iso images), possible malware won't be detected in them upon download. Link to comment Share on other sites More sharing options...
DonH 5 Posted October 16, 2013 Author Share Posted October 16, 2013 Marcos, I was afraid that it was basically applying the limit to all sites. It sounds like that is the case. On the other hand, would malware be detected when expanded? right click on eset icon in system tray and temporarily disable protection Cyberhash, I usually have Outlook running and other programs that may not be running, but access the internet in the background. Many programs have auto-updaters that check and possibly download and install updates whenever there is an internet connection. I'd rather be more targetted. Link to comment Share on other sites More sharing options...
DonH 5 Posted October 16, 2013 Author Share Posted October 16, 2013 An interesting (to me) observation: Using FileZilla in sftp, the download speed quickly settles into a dead steady 4 MiB's/sec. At the same time, ekrn.exe is using no CPU and memory usage by ekrn.exe never changes. I have set SSL filtering to 'Do not scan SSL protocol' which is probably responsible for the zero impact when using sftp. Now, I thought of excluding the IP address. That would be fine for HTTP, but the site gets enough questionable email that I don't want to exclude its POP 3. Oh well... Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,081 Posted October 21, 2013 ESET Moderators Share Posted October 21, 2013 Hello Don, in case it is a single IP I would recommend you to exclude it from Protocol filtering. Link to comment Share on other sites More sharing options...
Recommended Posts