D'Avila Paolo, Posted October 17, 2018

Hello,

we have a terminal server with Microsoft Windows 2012 on which Eset File Security for Microsoft Windows Server is installed (version 7.0.12014.0).

It happens frequently, at least twice per day, that the CPU usage of the server that employees are connected to just reaches 100% due to the process ekrn.exe, which requires almost 90% of the processor. It happens without any logic and stays for at least 2 minutes, then the process just comes back to working normally, but meanwhile people can't work on that server.

I've already done a lot of research on the internet and I didn't find any help for this annoying issue. I've already checked the settings in Eset File Security to see if there are scans or something like that running out of power, but none were found.

Is there a possibility to check (just when the process comes up to its highest amount of usage) for what reason ekrn.exe is using such huge CPU power? Maybe it is possible to have specific logs of what is going on just when the CPU reaches 100%?

Below is some info:
- Real-time file system protection enabled.
- Smart scan profile
- Enabled detection of suspicious applications

Regards.

Nightowl (Most Valued Members), Posted October 17, 2018

You can use ESET Log Collector here: https://support.eset.com/kb3466/?locale=en_US&viewlocale=en_US to make log files and submit them to an Administrator in order to let them check if there is something wrong or not.

Marcos (Administrators), Posted October 17, 2018

I'd strongly recommend contacting customer care since this should be properly tracked. Please do the following:
- temporarily disable Protected service in the HIPS setup and reboot the server
- run Procdump as an administrator as follows:
  procdump -ma ekrn -c 70 -s 5

When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ELC logs from the server.

D'Avila Paolo (Author), Posted October 18, 2018

15 hours ago, Marcos said:
> I'd strongly recommend contacting customer care since this should be properly tracked. Please do the following:
> - temporarily disable Protected service in the HIPS setup and reboot the server
> - run Procdump as an administrator as follows:
>   procdump -ma ekrn -c 70 -s 5
>
> When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ESET Log Collector logs from the server.

Thanks for the answers. Do I have to enable ecmd advanced commands in order to run the command you have texted?

Procdump -ma ekrn -c70 -s 5

Marcos (Administrators), Posted October 18, 2018

It has nothing to do with ecmd.exe. Procdump is a tool originally developed by SysInternals and now it's maintained by Microsoft.
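
One way to get the timestamped record of CPU spikes asked about in the first post, so that spike times can be matched against the Procdump dump and the ESET Log Collector output. This is an added example, not part of the thread and not ESET or Sysinternals code; the function name Watch-EkrnCpu, the log file under %TEMP% and the one-second sampling are assumptions, and the 70 / 5 defaults are taken from the Procdump command above.

```powershell
# Added example (not from the thread): append a CSV line whenever ekrn.exe
# stays above a CPU threshold for several consecutive one-second samples.
# Hypothetical names: Watch-EkrnCpu, ekrn-cpu.csv. Run from an elevated prompt.
function Watch-EkrnCpu {
    param(
        [string]$ProcessName = 'ekrn',
        [int]$ThresholdPercent = 70,     # value used with procdump -c
        [int]$ConsecutiveSeconds = 5,    # value used with procdump -s
        [string]$LogPath = (Join-Path $env:TEMP 'ekrn-cpu.csv')
    )

    $cores   = [Environment]::ProcessorCount
    $counter = "\Process($ProcessName)\% Processor Time"
    $streak  = 0

    if (-not (Test-Path $LogPath)) {
        'Timestamp,CpuPercent,StreakSeconds' | Set-Content -Path $LogPath
    }

    while ($true) {
        try {
            # Get-Counter blocks for the one-second sample interval.
            $sample = Get-Counter -Counter $counter -SampleInterval 1 `
                                  -MaxSamples 1 -ErrorAction Stop
        } catch {
            # Counter instance missing (service stopped or restarting).
            $streak = 0
            Start-Sleep -Seconds 1
            continue
        }

        # The Process counter is relative to one core and can exceed 100,
        # so divide by the logical processor count to get a share of total CPU.
        $cpu = [int][math]::Round($sample.CounterSamples[0].CookedValue / $cores)

        if ($cpu -ge $ThresholdPercent) { $streak++ } else { $streak = 0 }

        if ($streak -ge $ConsecutiveSeconds) {
            $line = '{0},{1},{2}' -f (Get-Date -Format 's'), $cpu, $streak
            Add-Content -Path $LogPath -Value $line
        }
    }
}

Watch-EkrnCpu   # stop with Ctrl+C
```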