mayowa 1 Posted April 17, 2018 Share Posted April 17, 2018 A customer complained that eset is causing process spiking on his server we suggested the following fix below Upgrade to the latest version of the ESET File Security (Version 6.5.12014.1) Process exclusion (Via GUI > F5 > Antivirus > Processes Exclusions > edit > add > find the process 'Ax32Serv.exe' in the path mentioned above ( C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe)> hit OK 3x to save the changes.) We proceeded to ask the following with his response in green Can you also please describe the issue more precisely? CPU is maxed continuously with 96% usage tied to Eset service When the issue started to occur? It started since the 5th of April 2018 Did it happen after our product/windows update? No Does the issue occur at some specific time, or is it permanent issue? It looks like a permanent issue as the server performance improves if Eset is either uninstalled or disabled Is the server some type of file server, which the users are accessing and reading data from / writing data to this server?: The server is a terminal Server Also, kindly check, if the 'Log all blocked operations' is enabled in GUI > F5 > Antivirus > HIPS > advanced settings? If yes, can kindly disable this option, wait some time and confirm, the issue with high CPU load is still present, or is gone? It is already disabled so there is no need to disable the settings. Please Note the issue still presently persist and kindly find log of the spiking server Kindly check this link for log https://yadi.sk/d/HmmxYTEk3UVQSv Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 17, 2018 Administrators Share Posted April 17, 2018 Just to make sure, did you exclude "C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe" in the process exclusion list and not just "Ax32Serv.exe"? A full path the executable must be entered, otherwise it won't work and HIPS will report errors. Please provide also logs collected with ELC on the server to make sure that EFSW is configured properly. Link to comment Share on other sites More sharing options...
mayowa 1 Posted April 17, 2018 Author Share Posted April 17, 2018 Hello Marcos Thanks for your swift response Kindly let me know when you have analyse the log and a feedback for a possible resolution Regards Link to comment Share on other sites More sharing options...
mayowa 1 Posted April 17, 2018 Author Share Posted April 17, 2018 18 minutes ago, Marcos said: Just to make sure, did you exclude "C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe" in the process exclusion list and not just "Ax32Serv.exe"? A full path the executable must be entered, otherwise it won't work and HIPS will report errors. Please provide also logs collected with ELC on the server to make sure that EFSW is configured properly. Just a quick one can you give me guide on how to exclude it Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 17, 2018 Administrators Share Posted April 17, 2018 It should look like as follows: If you would like me to check your setup, please run ELC, collect logs and other stuff and provide me with the generated archive. Link to comment Share on other sites More sharing options...
mayowa 1 Posted April 19, 2018 Author Share Posted April 19, 2018 (edited) On 4/17/2018 at 2:09 PM, mayowa said: A customer complained that eset is causing process spiking on his server we suggested the following fix below Upgrade to the latest version of the ESET File Security (Version 6.5.12014.1) Process exclusion (Via GUI > F5 > Antivirus > Processes Exclusions > edit > add > find the process 'Ax32Serv.exe' in the path mentioned above ( C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX_Axnos\Bin\Ax32Serv.exe)> hit OK 3x to save the changes.) We proceeded to ask the following with his response in green Can you also please describe the issue more precisely? CPU is maxed continuously with 96% usage tied to Eset service When the issue started to occur? It started since the 5th of April 2018 Did it happen after our product/windows update? No Does the issue occur at some specific time, or is it permanent issue? It looks like a permanent issue as the server performance improves if Eset is either uninstalled or disabled Is the server some type of file server, which the users are accessing and reading data from / writing data to this server?: The server is a terminal Server Also, kindly check, if the 'Log all blocked operations' is enabled in GUI > F5 > Antivirus > HIPS > advanced settings? If yes, can kindly disable this option, wait some time and confirm, the issue with high CPU load is still present, or is gone? It is already disabled so there is no need to disable the settings. Please Note the issue still presently persist and kindly find log of the spiking server Kindly check this link for log https://yadi.sk/d/HmmxYTEk3UVQSv Hello Marcos I will like to follow up on the log sent if it has being analysed by you and your kind advise on the way forward Kind Regards Edited April 19, 2018 by mayowa Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 19, 2018 Administrators Share Posted April 19, 2018 Please gather logs with ELC and provide me with the generated archive if you would like me to check your ESET's configuration. The log you've provided was generated by Process Monitor. Link to comment Share on other sites More sharing options...
Recommended Posts