Jump to content

CPU high usage till 90%


Recommended Posts

Hello,

we have a terminal server with Microsoft Windows 2012 on which is installed Eset File Security for Microsoft Windows Server. (Version 7.0.12014.0 )

It happens frequently, at least twice per day, that the CPU usage of the server, where employees are connect to, just reach 100% of usage due to the process ekrn.exe that requires almost the 90% of the processor. It happens just without any logic and still for at least 2 minutes, than the process just came back to work normally but meanwhile people can't work on that server.

I've already done a lot of resarches on the internet and i didn't found any help for this annoying issue. I've already checked settings on Eset file security to see if there are scan or something like that running out of power but none of them was found.

Is there a possibility to check (just when the process came up to his highest amount of usage) for what reason the ekrn.exe is using such as huge cpu power ??

Maybe is possible having specific logs of what is going on just when the cpu reach the 100 % ?

Below some info:

Real-time file system protection enabled.

Smart scan profile

Enabled detection of suspicious applications

 

Regards.

Link to comment
Share on other sites

  • Most Valued Members

You can use ESET Log Collector here : https://support.eset.com/kb3466/?locale=en_US&viewlocale=en_US to make log files and submit them to an Administrator in order to let them check if there is something wrong or not.

Link to comment
Share on other sites

  • Administrators

I'd strongly recommend contacting customer care since this should be properly tracked.

Please do the following:
- temporarily disable Protected service in the HIPS setup and reboot the server
- run Procdump as an administrator as follows: procdump -ma ekrn -c 70 -s 5

When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ELC logs from the server.

Link to comment
Share on other sites

15 hours ago, Marcos said:

I'd strongly recommend contacting customer care since this should be properly tracked.

Please do the following:
- temporarily disable Protected service in the HIPS setup and reboot the server
- run Procdump as an administrator as follows: procdump -ma ekrn -c 70 -s 5

When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ESET Log Collector logs from the server.

Thanks for the answers.

Do i have to Enable ecmd advanced commands in order to run the command you have texted ?

Procdump -ma ekrn -c70 -s 5

Link to comment
Share on other sites

  • Administrators

It has nothing to do with ecmd.exe. Procdump is a tool originally developed by SysInternals and now it's maintained by Microsoft.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...