
Spiking process occurring on server caused by Eset file security



A customer complained that ESET is causing process spiking on his server.

We suggested the following fix:

  • Upgrade to the latest version of ESET File Security (Version 6.5.12014.1)
  • Process exclusion (via GUI > F5 > Antivirus > Processes Exclusions > edit > add > find the process 'Ax32Serv.exe' in the path mentioned above (C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe) > hit OK 3x to save the changes.)

We proceeded to ask the following; his response follows each question:

Can you also please describe the issue more precisely?
    CPU is maxed continuously with 96% usage tied to the ESET service.
When did the issue start to occur?
    It started on the 5th of April 2018.
Did it happen after our product/Windows update?
    No.
Does the issue occur at some specific time, or is it a permanent issue?
    It looks like a permanent issue, as the server performance improves if ESET is either uninstalled or disabled.
Is the server some type of file server, which the users are accessing and reading data from / writing data to?
    The server is a terminal server.
Also, kindly check whether 'Log all blocked operations' is enabled in GUI > F5 > Antivirus > HIPS > advanced settings. If yes, can you kindly disable this option, wait some time and confirm whether the issue with high CPU load is still present or is gone?
    It is already disabled, so there is no need to disable the setting.

Please note the issue still persists; kindly find the log of the spiking server.

Kindly check this link for the log:

https://yadi.sk/d/HmmxYTEk3UVQSv


  • Administrators

Just to make sure, did you exclude "C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe" in the process exclusion list and not just "Ax32Serv.exe"? A full path to the executable must be entered, otherwise it won't work and HIPS will report errors.

Please provide also logs collected with ELC on the server to make sure that EFSW is configured properly.

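The full-path requirement from the reply above can be checked on the server before an entry is typed into the exclusion list. The PowerShell below is an added example, not part of the original thread and not ESET tooling; `Test-ExclusionEntry` is a hypothetical helper name, and the Authenticode check is an extra step added on the assumption that a binary should be identified before it is excluded.

```powershell
# Added example. Test-ExclusionEntry is a hypothetical helper, not an ESET cmdlet.
function Test-ExclusionEntry {
    param([Parameter(Mandatory)][string]$Entry)

    $r = [ordered]@{
        Entry = $Entry; IsFullPath = $false; Exists = $false
        Signature = 'n/a'; Signer = ''; Verdict = ''
    }

    # A bare name such as 'Ax32Serv.exe' has no drive or UNC root.
    $root = [System.IO.Path]::GetPathRoot($Entry)
    $r.IsFullPath = ($root -match '^[A-Za-z]:\\$') -or ($root -like '\\*')
    if (-not $r.IsFullPath) {
        $r.Verdict = 'REJECT: not a full path'
        return [pscustomobject]$r
    }

    # The path must point at a real file on the machine being configured.
    if (-not (Test-Path -LiteralPath $Entry -PathType Leaf)) {
        $r.Verdict = 'REJECT: file not found on this server'
        return [pscustomobject]$r
    }
    $r.Exists = $true

    # Assumption of this example: record who signed the binary before excluding it.
    $sig = Get-AuthenticodeSignature -LiteralPath $Entry
    $r.Signature = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $r.Signer = $sig.SignerCertificate.Subject }

    if ($sig.Status -eq 'Valid') {
        $r.Verdict = 'OK'
    } else {
        $r.Verdict = 'REVIEW: signature status is not Valid'
    }
    [pscustomobject]$r
}

# The two forms discussed in the thread: bare name versus full path.
$candidates = @(
    'Ax32Serv.exe',
    'C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe'
)
$candidates | ForEach-Object { Test-ExclusionEntry $_ } |
    Format-List Entry, IsFullPath, Exists, Signature, Signer, Verdict
```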

Hello Marcos

Thanks for your swift response.

Kindly let me know when you have analysed the log and have feedback for a possible resolution.

Regards


18 minutes ago, Marcos said:

Just to make sure, did you exclude "C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe" in the process exclusion list and not just "Ax32Serv.exe"? A full path to the executable must be entered, otherwise it won't work and HIPS will report errors.

Please provide also logs collected with ELC on the server to make sure that EFSW is configured properly.

Just a quick one:

Can you give me a guide on how to exclude it?


  • Administrators

It should look as follows:

[Image: image.png]

If you would like me to check your setup, please run ELC, collect logs and other stuff and provide me with the generated archive.


On 4/17/2018 at 2:09 PM, mayowa said:

A customer complained that ESET is causing process spiking on his server.

We suggested the following fix:

  • Upgrade to the latest version of ESET File Security (Version 6.5.12014.1)
  • Process exclusion (via GUI > F5 > Antivirus > Processes Exclusions > edit > add > find the process 'Ax32Serv.exe' in the path mentioned above (C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe) > hit OK 3x to save the changes.)

We proceeded to ask the following; his response follows each question:

Can you also please describe the issue more precisely?
    CPU is maxed continuously with 96% usage tied to the ESET service.
When did the issue start to occur?
    It started on the 5th of April 2018.
Did it happen after our product/Windows update?
    No.
Does the issue occur at some specific time, or is it a permanent issue?
    It looks like a permanent issue, as the server performance improves if ESET is either uninstalled or disabled.
Is the server some type of file server, which the users are accessing and reading data from / writing data to?
    The server is a terminal server.
Also, kindly check whether 'Log all blocked operations' is enabled in GUI > F5 > Antivirus > HIPS > advanced settings. If yes, can you kindly disable this option, wait some time and confirm whether the issue with high CPU load is still present or is gone?
    It is already disabled, so there is no need to disable the setting.

Please note the issue still persists; kindly find the log of the spiking server.

Kindly check this link for the log:

https://yadi.sk/d/HmmxYTEk3UVQSv

Hello Marcos

I would like to follow up on the log sent, whether it has been analysed by you, and your kind advice on the way forward.

Kind Regards 

Edited by mayowa

  • Administrators

Please gather logs with ELC and provide me with the generated archive if you would like me to check your ESET's configuration. The log you've provided was generated by Process Monitor.


This topic is now closed to further replies.