JGTruff, Posted April 29, 2019
I've been noticing a dramatic spike in CPU on a single core and have deduced this is from ESET. I ran ProcMon to find out more about what's happening and it appears to be "ekrn.exe" reading an INSANE amount of .tmp files in C:\Windows\Temp\. All of the files look like this: C:\Windows\Temp\NOD****.tmp (NOD6BD1.tmp, NOD7627.tmp, etc., etc.). When I look at my temp folder, these files are nowhere to be seen. Does anybody know what's going on? Thank you.

Marcos (Administrators), Posted April 29, 2019
Those are temporary files created when scanning archives, usually by the on-demand scanner since real-time protection doesn't scan inside archives. Are you positive that no on-demand scan is running?

itman, Posted April 29, 2019
In the ESET GUI, Advanced Setup -> Malware Scans section, check under the Idle-State Scan section and verify that the "Enable Idle-state scanning" option is not check marked. Note that the default ThreatSense setting for this option is to scan archives.

JGTruff (Author), Posted April 29, 2019
Thank you Marcos. I believe it is from on-demand scans actually. I do have archives switched off but self-extracting archives are on. Are self-extracting archives also a cause of this?

JGTruff (Author), Posted April 29, 2019
Oh thank you itman! That might be the exact issue going on here.

Marcos (Administrators), Posted April 30, 2019
7 hours ago, JGTruff said:
> Thank you Marcos. I believe it is from on-demand scans actually. I do have archives switched off but self-extracting archives are on. Are self-extracting archives also a cause of this?
Yes, sfx archives need to be unpacked too. Also runtime archives, such as UPX, are unpacked.