I think this didn't happen until recently... Generally, when the ESET scan engine detects malware, it takes an unusually long time to delete that specific malware sample and show notification popups (I think it is definitely more than 40s to process one sample with very high CPU utilization on a high-end CPU). The EIS version is 12.0.31.0. Any changes under the hood that lead to such behavior?

  • Administrators

Please reproduce it. Beforehand, enable advanced operating system logging in the advanced setup -> tools -> diagnostics and start logging with Procmon as well. After the CPU utilization drops down after cleaning, stop logging.

Then gather logs with ESET Log Collector and together with a compressed Procmon log provide it to us for perusal.

28 minutes ago, Marcos said:

Please reproduce it. Beforehand, enable advanced operating system logging in the advanced setup -> tools -> diagnostics and start logging with Procmon as well. After the CPU utilization drops down after cleaning, stop logging.

Then gather logs with ESET Log Collector and together with a compressed Procmon log provide it to us for perusal.

I have sent you a message containing the log.

It takes more than 15 sec to delete this sample, and when the logging is enabled it takes several minutes.

On 3/5/2019 at 3:57 PM, itman said:

I am "dying of anticipation." Has "block at first sight" LiveGrid cloud scanning been added? :)

Did you observe the same thing on your side? The samples, upon being detected, will show in Explorer as 0 KB and take a long time before being deleted and before the notification appears.

  • Administrators

You could try enabling pre-release updates since some optimizations have been made recently, however, we don't expect any big difference in this particular case.

Please provide a new etl log generated as follows during issue replication:
1. Start logging to an etl log by running "wpr -start GeneralProfile -start Minifilter -filemode".
2. Reproduce the issue.
3. Stop logging and compress the generated log. Upload it to a safe location and provide me with a download link.

8 hours ago, 0xDEADBEEF said:

Did you observe the same thing on your side?

I have observed a slight lag in the malware resolution process but nothing as extreme as you posted. However, I don't test with live malware as you do.

1 hour ago, itman said:

I have observed a slight lag in the malware resolution process but nothing as extreme as you posted

Seems the performance issue is largely resolved in the latest version that was just released today. The deletion latency has dropped from 15 sec to 3~4 sec.

8 hours ago, Marcos said:

You could try enabling pre-release updates since some optimizations have been made recently, however, we don't expect any big difference in this particular case.

After updating to 12.1.31, the performance issue got largely resolved. The sample that originally took 15 sec to delete now only needs 3~4 sec in the latest version.

Anyway, I've messaged you the new log on 12.1.31.

This topic is now closed to further replies.