Jump to content

Recommended Posts

I am helping someone to report a potential memory issue. He is using ESET Smart Security 10.1.219. The problem was that the available memory kept decreasing after booting up the machine. He didn't find any process that was taking up such huge amount of memory. He couldn't even browse website properly in such scenario.

His observation was as long as the web browser (firefox) was open, the available amount of memory kept decreasing, and finally made computer unusable. After turning off the "Enable application protocol content filtering" under "Web and Email", he could browse the website and the avail RAM didn't decrease any more. However, the available amount of physical memory is still pretty low with this setting (<3GB). After rolling back to 10.0.390, the problem is resolved.

Environment:

OS: Windows 10 Pro 1703

CPU: Ryzen 5  1600

RAM: 16GB

Edited by 0xDEADBEEF
Link to comment
Share on other sites

I have a customer that also has this problem with 10.1.219.0 on Windows 7 Home Premium x64.

Is there an installer available for a slightly older version?

Thanks,

Matt.

Link to comment
Share on other sites

On 7/31/2017 at 0:38 AM, Marcos said:

What memory usage do you see in the task manager for ekrn.exe and egui.exe?

ekrn 42,104k, egui 16,404k

Attached screenshot sorts the mem consumption from highest to lowest. As you can see, the memory in use (green bar) exceeds 13GB.

10.1.210.2 and 10.1.204.1 have the same issue. ver390 is fine

kkk.jpg

Link to comment
Share on other sites

59 minutes ago, 0xDEADBEEF said:

Attached screenshot sorts the mem consumption from highest to lowest. As you can see, the memory in use (green bar) exceeds 13GB.

Weird. However, the Win 10 build is using CE and that is buggy as hell. My mem. allocation is constant w/ ver. 1607.

I would set the Win 10 Min. and Max. virtual memory allocation to the same value, like 2 GB, and see if that makes a difference.

Edited by itman
Link to comment
Share on other sites

This should resolve who "is the culprit" in regards to in regards to memory usage. Download Process Explorer from here: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer . It's a portable app and will run from anywhere. Run it as Admin.. Click on "View." Then click on "Select Columns." Click on the "Process Memory" tab. Select the following:

  • Private Bytes
  • Peak Private Bytes
  • Working Set Size
  • Peak Working Set Size

You can keep Process Explorer running or open it up periodically to examine the above "Peak" columns. This should point you to whom the offending processes is. For example on my PC for ekrn.exe, peak private bytes is 244 MB and peak working set size is 352 MB with current private bytes of 45 MB and working set size of 146 MB.

Link to comment
Share on other sites

  • 2 weeks later...

Had this on two PCs this week

NonPaged Pool data is maxing out RAM until Windows becomes unstable

No process is claiming the RAM in Microsoft Process Explorer

Microsoft Tool RAMMan shows NonPaged Pool 90% of RAM usage (2.9GB on both machines with 4GB RAM)

Microsoft tool Poolmem.exe shows the driver issue

ESET 10.1.219.0 on Windows 7 Pro one machine 32bit and one x64

On 8/2/2017 at 2:35 AM, itman said:

This should resolve who "is the culprit" in regards to in regards to memory usage. Download Process Explorer from here: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer . It's a portable app and will run from anywhere. Run it as Admin.. Click on "View." Then click on "Select Columns." Click on the "Process Memory" tab. Select the following:

  • Private Bytes
  • Peak Private Bytes
  • Working Set Size
  • Peak Working Set Size

You can keep Process Explorer running or open it up periodically to examine the above "Peak" columns. This should point you to whom the offending processes is. For example on my PC for ekrn.exe, peak private bytes is 244 MB and peak working set size is 352 MB with current private bytes of 45 MB and working set size of 146 MB.

 

Link to comment
Share on other sites

  • Administrators

If you suspect memory leaks to be caused by ESET, please generate a complete memory dump as per http://support.eset.com/kb380. When done, compress the dump, collect logs with ELC, upload both archives to a safe location and pm me download links.

Link to comment
Share on other sites

What is the resolution to this post?  I recently updated to 10.1.219 and started experiencing the same memory leak.  The way I confirmed the issue was ESET, was booting into clean mode, and then slowing turning everything back on.  Once I Enabled ESET the memory leak started to appear.  

I am in the process of acquiring the memory dump logs, although I do not have Complete as the support article suggests.  I am running Windows 7 Ultimate 64bit with 12GB of ram.

Link to comment
Share on other sites

  • Administrators

In safe mode or with Self-defense disabled, import the attached reg file to enable heap tracing for ekrn. Then restart the computer. Make sure that Full dumps are enabled in the advanced setup -> Tools -> Diagnostics.

When you notice a high memory use by ekrn, generate a dump via advanced setup -> Tools -> Diagnostics -> Create (dump).
When done, collect logs with ELC, upload the zip file to a safe location and pm me a download link. Finally you can disable heap tracing by importing the appropriate reg file.

ekrn_heap_tracing.rar

Link to comment
Share on other sites

12 hours ago, Marcos said:

In safe mode or with Self-defense disabled, import the attached reg file to enable heap tracing for ekrn. Then restart the computer. Make sure that Full dumps are enabled in the advanced setup -> Tools -> Diagnostics.

When you notice a high memory use by ekrn, generate a dump via advanced setup -> Tools -> Diagnostics -> Create (dump).
When done, collect logs with ELC, upload the zip file to a safe location and pm me a download link. Finally you can disable heap tracing by importing the appropriate reg file.

ekrn_heap_tracing.rar

I have had a 3rd PC do this now and captured a memory dump as previously requested. Unfortunately it is 8GB in size but i can share it still if you like. Removing v10, Installing v9 and upgrading to v10 seems to resolve the issue. Previously on another faulting machine, removing v10 and reinstalling v10 would not fix the issue.

To do the 'dump' you have requested here i will have to wait for the next machine exhibiting this bug. Working in IT this shouldn't be an issue.

Link to comment
Share on other sites

13 hours ago, Peter Randziak said:

Hello guys,

can you please share the output from the Poolmon utility for us to check? 

Regards, P.R.

Here is a full dump during this issue.

https://elpamsoft-my.sharepoint.com/personal/ashley_elpamsoft_com/_layouts/15/guestaccess.aspx?docid=066895d4cc1d045d1af77d429b4c78a75&authkey=AfKbO9rYKljUhOGhmx8Nu7M

I will wait for the next PC to come in with this error to provide Poolmon info.

Edited by elpamyelhsa
Link to comment
Share on other sites

  • ESET Moderators

Hello all,

In case you have pool leak please try to run EpfwWfpRegV10.1.3.exe /unreg from an elevated command line and reboot the system. The utility is available at: http://ftp.nod.sk/~randziak/EpfwWfpRegV10.1.3.exe

Please let us know if the leaks are fixed after using the utility.

 

@elpamyelhsa thank you for the provided dump file.

 

Thank you, P.R.

Link to comment
Share on other sites

On 8/24/2017 at 1:31 AM, Peter Randziak said:

Hello all,

In case you have pool leak please try to run EpfwWfpRegV10.1.3.exe /unreg from an elevated command line and reboot the system. The utility is available at: hxxp://ftp.nod.sk/~randziak/EpfwWfpRegV10.1.3.exe

Please let us know if the leaks are fixed after using the utility.

 

@elpamyelhsa thank you for the provided dump file.

 

Thank you, P.R.

No, the issue still persists

Link to comment
Share on other sites

  • ESET Moderators

Hello @0xDEADBEEF ,

so far I got only positive feedback on this i.e. after using the utility and system reboot, the issue was solved so in your case it is probably something different.

Can you please try the utility once more from the elevated command line, set your system to be able to generate full manual memory dump, reboot the system and if you see the non-paged pool in GiBs again, get the full memory dump, pack it, upload it online and send me a download link so we can check it.

Regards, P.R.

Link to comment
Share on other sites

On 8/28/2017 at 8:00 AM, Peter Randziak said:

Hello @0xDEADBEEF ,

so far I got only positive feedback on this i.e. after using the utility and system reboot, the issue was solved so in your case it is probably something different.

Can you please try the utility once more from the elevated command line, set your system to be able to generate full manual memory dump, reboot the system and if you see the non-paged pool in GiBs again, get the full memory dump, pack it, upload it online and send me a download link so we can check it.

Regards, P.R.

We tried again but it still doesn't help. I've sent you the download link of the dump through private message.

Link to comment
Share on other sites

I have the same problem Under window 7. The memory fills up. Computer unusable. Useless to recommend downloading an application or anything else, internet access is also down. Only way out is reboot in safe mode and uninstall 10.1.219 by recovery to previous status. This 10.1.219 has clearly a major technical problem that ESET need to fix urgently.

Link to comment
Share on other sites

  • Administrators
2 minutes ago, obiwan said:

I have the same problem Under window 7. The memory fills up. Computer unusable. Useless to recommend downloading an application or anything else, internet access is also down. Only way out is reboot in safe mode and uninstall 10.1.219 by recovery to previous status. This 10.1.219 has clearly a major technical problem that ESET need to fix urgently.

Did you run "EpfwWfpRegV10.1.3.exe /unreg" as an administrator as instructed above? It should fix callouts registered by very old versions of ESET (v4). The issue should be fixed after the subsequent system restart.

Link to comment
Share on other sites

I had another customer with the memory leak symptoms and tried out the 'EpfwWfpRegV10.1.3.exe /unreg' solution.

It fixed the problem! Thank you very much for posting this.

I''ll now try and make appointments with two other customers that were having the same problem and see if it fixes it for them as well.

Matthew Green.

Link to comment
Share on other sites

On ‎9‎/‎4‎/‎2017 at 10:30 PM, Marcos said:

Did you run "EpfwWfpRegV10.1.3.exe /unreg" as an administrator as instructed above? It should fix callouts registered by very old versions of ESET (v4). The issue should be fixed after the subsequent system restart.

Once I understood that you meant to run it BEFORE the installation of 10.1.219, yes I did. After the installation it's impossible as the computer is almost totally frozen and has no internet access. And yes it fixed the problem. Thank you. Just one suggestion: include a cleanup of the registry from all previous version's garbage, by default, in any installation of a new version. it would save a lot of trouble and waste of time to customers.

Thanks again for the fix !

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...