0xDEADBEEF 43 Posted March 5, 2019

I think this didn't happen until recently... Generally, when the ESET scan engine detects malware, it is taking an unusually long time to delete that specific malware sample and show notification popups (I think it is definitely more than 40s to process one sample, with very high CPU utilization on a high-end CPU). The EIS version is 12.0.31.0. Any changes under the hood that lead to such behavior?

Administrators Marcos 5,242 Posted March 5, 2019

Please reproduce it. Beforehand, enable advanced operating system logging in the advanced setup -> tools -> diagnostics and start logging with Procmon as well. After the CPU utilization drops down after cleaning, stop logging. Then gather logs with ESET Log Collector and, together with a compressed Procmon log, provide them to us for perusal.

0xDEADBEEF 43 Posted March 5, 2019 Author

28 minutes ago, Marcos said:
> Please reproduce it. Beforehand, enable advanced operating system logging in the advanced setup -> tools -> diagnostics and start logging with Procmon as well. After the CPU utilization drops down after cleaning, stop logging. Then gather logs with ESET Log Collector and, together with a compressed Procmon log, provide them to us for perusal.

I have sent you a message containing the log. It takes more than 15 sec to delete this sample, and when the logging is enabled it takes several minutes.

itman 1,743 Posted March 5, 2019 (Edited March 5, 2019 by itman)

I am "dying of anticipation." Has "block at first sight" LiveGrid cloud scanning been added?

0xDEADBEEF 43 Posted March 7, 2019 Author

On 3/5/2019 at 3:57 PM, itman said:
> I am "dying of anticipation." Has "block at first sight" LiveGrid cloud scanning been added?

Did you observe the same thing on your side? The samples, upon being detected, will show in Explorer as 0kb and take a long time before the deletion and the notification.

persian-boy 22 Posted March 7, 2019

On 3/6/2019 at 1:27 AM, itman said:
> I am "dying of anticipation." Has "block at first sight" LiveGrid cloud scanning been added

Does ESET plan to add this feature?

Administrators Marcos 5,242 Posted March 7, 2019

You could try enabling pre-release updates since some optimizations have been made recently; however, we don't expect any big difference in this particular case.

Please provide a new etl log generated as follows during issue replication:

1. Start logging to an etl log by running "wpr -start GeneralProfile -start Minifilter -filemode".
2. Reproduce the issue.
3. Stop logging and compress the generated log. Upload it to a safe location and provide me with a download link.

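The three steps from Marcos's post above, written as a PowerShell script to run from an elevated prompt. This is an added example, not part of the thread and not ESET's own tooling; the output folder and file names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: wraps the wpr capture steps from the post above.
param(
    # Hypothetical output folder; change as needed.
    [string]$OutDir = "$env:USERPROFILE\Desktop\eset-trace"
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$etl = Join-Path $OutDir 'cleaning-delay.etl'   # assumed file name
$zip = Join-Path $OutDir 'cleaning-delay.zip'   # assumed file name

# Step 1: start the trace with the profiles named in the post.
wpr -start GeneralProfile -start Minifilter -filemode
if ($LASTEXITCODE -ne 0) { throw "wpr -start failed with exit code $LASTEXITCODE" }

$saved = $false
try {
    # Step 2: reproduce the slow cleaning while the trace is recording.
    Read-Host 'Trace running. Reproduce the issue, then press Enter to stop' | Out-Null

    # Step 3: stop the trace and write it to the .etl file.
    wpr -stop $etl
    if ($LASTEXITCODE -ne 0) { throw "wpr -stop failed with exit code $LASTEXITCODE" }
    $saved = $true
}
finally {
    # If the trace was not saved (error or Ctrl+C), cancel it so it does not keep recording.
    if (-not $saved) { wpr -cancel | Out-Null }
}

# Compress the log for upload. Compress-Archive is limited to files under 2 GB;
# use another archiver if the trace is larger.
Compress-Archive -Path $etl -DestinationPath $zip -Force
Get-Item $zip | Select-Object FullName, Length
```

Keep the reproduction window short: a file-mode trace with these profiles grows quickly, and a smaller log is easier to upload and analyze.
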
itman 1,743 Posted March 7, 2019

8 hours ago, 0xDEADBEEF said:
> did you observe the same thing on your side?

I have observed a slight lag in the malware resolution process but nothing as extreme as you posted. However, I don't test with live malware as you do.

0xDEADBEEF 43 Posted March 7, 2019 Author

1 hour ago, itman said:
> I have observed a slight lag in the malware resolution process but nothing as extreme as you posted

Seems the performance issue is largely resolved in the latest version that was just released today. The deletion latency has dropped from 15 sec to 3~4 sec.

0xDEADBEEF 43 Posted March 7, 2019 Author

8 hours ago, Marcos said:
> You could try enabling pre-release updates since some optimizations have been made recently; however, we don't expect any big difference in this particular case.

After updating to 12.1.31, the performance issue is largely resolved. The sample that originally took 15 sec to delete now only needs 3~4 sec in the latest version. Anyway, I've messaged you the new log on 12.1.31.