Jump to content

Archived

This topic is now archived and is closed to further replies.

D'Avila Paolo

CPU high usage till 90%

Recommended Posts

Hello,

we have a terminal server with Microsoft Windows 2012 on which is installed Eset File Security for Microsoft Windows Server. (Version 7.0.12014.0 )

It happens frequently, at least twice per day, that the CPU usage of the server, where employees are connect to, just reach 100% of usage due to the process ekrn.exe that requires almost the 90% of the processor. It happens just without any logic and still for at least 2 minutes, than the process just came back to work normally but meanwhile people can't work on that server.

I've already done a lot of resarches on the internet and i didn't found any help for this annoying issue. I've already checked settings on Eset file security to see if there are scan or something like that running out of power but none of them was found.

Is there a possibility to check (just when the process came up to his highest amount of usage) for what reason the ekrn.exe is using such as huge cpu power ??

Maybe is possible having specific logs of what is going on just when the cpu reach the 100 % ?

Below some info:

Real-time file system protection enabled.

Smart scan profile

Enabled detection of suspicious applications

 

Regards.

Share this post


Link to post
Share on other sites

I'd strongly recommend contacting customer care since this should be properly tracked.

Please do the following:
- temporarily disable Protected service in the HIPS setup and reboot the server
- run Procdump as an administrator as follows: procdump -ma ekrn -c 70 -s 5

When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ELC logs from the server.

Share this post


Link to post
Share on other sites
15 hours ago, Marcos said:

I'd strongly recommend contacting customer care since this should be properly tracked.

Please do the following:
- temporarily disable Protected service in the HIPS setup and reboot the server
- run Procdump as an administrator as follows: procdump -ma ekrn -c 70 -s 5

When the issue occurs, a dump of ekrn should be generated. Please provide it for perusal along with ESET Log Collector logs from the server.

Thanks for the answers.

Do i have to Enable ecmd advanced commands in order to run the command you have texted ?

Procdump -ma ekrn -c70 -s 5

Share this post


Link to post
Share on other sites

It has nothing to do with ecmd.exe. Procdump is a tool originally developed by SysInternals and now it's maintained by Microsoft.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...