JRV

ESET AV running multiple simultaneous scans


A Windows 10/ESET AV 7.0.2091.0 user complained of slow performance. Checked Task Manager and found disk was 100% utilized, mostly by ESET. Opened ESET and discovered 4 Scheduled Scans running at the same time. User says she never turns computer off, but it does sleep after a timeout.

In ESMC, the Policy for Scheduler has an entry for Scheduled Scans to run at 12:00. As it was shortly after 13:00, that's the only one I'd expect to be running. 

Looking at the start times for the scans, I woke the computer from sleep via ESMC Wake-Up Call 3 times earlier today to update its ESET Agent, which I had missed earlier. I think those wake-up calls correspond to the scan start times. In ESMC, those are not "Scheduled Scans" but "Automatic Startup File Checks". But I don't know if ESET AV uses the same nomenclature. Would those be 3 of the 4 scans, with the 4th being the one that starts at 12:00?

I guess one of those scans would have been initiated after the Agent update?

Are scans interrupted by the computer sleeping, or do scans keep it awake (or can they be set to do so)?

The Scheduled Scan was originally set to run ASAP if a scan is missed; I've just modified that to scan only if a scan has not been completed in the prior 24 hours. My goal is to avoid having more than one Scheduled Scan running at a time; will this achieve it?

Edited by JRV


The trigger ASAP means that the task will be executed the next time ekrn.exe starts, i.e. after the next computer restart. It is possible that multiple scans are started at once if the computer was in standby or sleep mode the last time the task was to be executed.

With a re-worked scheduler that will be implemented in one of the future versions, multiple scans should not run concurrently.

As an administrator I would not schedule on-demand scans, at least not very often (more than once or twice a month probably). The thing is that files are thoroughly scanned with protection modules that leverage even more "aggressive" detections as files enter the machine (e.g. when downloaded from the Internet) and both the memory and autorun locations are scanned after each update, plus Advanced memory scanner scans memory upon execution of files.


Marcos, thanks for your reply.

A little wary about backing off on the scheduled scans. At all sites I manage, including ESET sites, scheduled scans pick up malware that real-time scans miss. Presumably because of updated virus definitions. Managed AV, including ESET, usually doesn't include a default scheduled scan, but I've learned to always implement one when I inherit a site. And as soon as I do, the console is flooded with malware missed by real-time scans. So the question I have to answer is, how long am I OK with leaving malware on the machine?

But even if I eliminated my scheduled scan, it appears that the other 3 would have run anyway, simultaneously, and that's still 2 too many. Hope the scheduler is re-worked soon!

Quote

scheduled scans pick up malware that real-time scans miss.

I would appreciate it if you could provide me with some examples of such malware. If a new malware was not recognized and managed to run, it would have been detected and cleaned by a startup scan which is run after an update or when the system starts.
