Startup scanning progress cause slower to and took a time

[HANDJOJO 11]

Dear All,

I'm using the  ESET Internet Security version 12.1.34.0, after using it I saw there are something different with the previous version (for i.e version 11) the Startup Scanning still in progress after user Log In and cause the program delay to open it, if I look in the Scheduler  there are the option to turn of System Startup file check to after user logon and when computer is running on the battery, please advise if I turn of the Startup file check cause it less protection of my computer, due its different behavior with the previous version I didn't seen the progress it.

Awaiting the advise.

Thanks 

 

[Marcos 4,718]

Startup scans are important; it's crucial to keep at least the one run after update enabled.

Approximately for how long does the notification about a startup scan being run remain displayed in the tray icon's tooltip? You can try to run the task manually via the right-click menu in Scheduler and measure the time. You can also provide me with a Procmon log from that time for a check.  I've tried it myself but the startup scan was completed almost instantly even before I was able to hover the mouse over the icon. It could be that you have a lot of files in a folder that is scanned by the startup scan. Anyways, the Procmon log could shed more light. Also I assume that you don't see any effect on performance while a startup scan is being run, do you?

[HANDJOJO 11]

Dear Marcos,

Thanks for your explanation, I have ran the manual Startup Scan from Scheduler and took only 7 second, however when I restart the computer the Start Up Scan took longer almost 3 minutes, therefore I confused about it and refer to your advise to provide you with a Procmon please find enclosed the Procmon file in zip/rar.

Thanks & B/regards,

 

 

[Marcos 4,718]

For instructions, please refer to the "Gather boot log files" section in the KB https://support.eset.com/kb6308/. Stop logging after the startup scan has completed after a system restart.

[itman 1,542]

Make sure that "Enable Smart Optimization" is check marked in ThreatSense settings for the Startup Scan.

Open Eset GUI. Then select Setup. Then select Advanced Setup. Under Detection Engine, select Malware Scans. Click on the "+" for STARTUP SCAN to expose the ThreatSense settings.

As a test, I disabled it and then rebooted. I then observed same behavior with the scan taking approx. 3 mins. to run.

[Marcos 4,718]

Besides a Procmon log, you can also provide logs collected with ESET Log Collector so that I can check your ESET configuration.

[HANDJOJO 11]

12 hours ago, itman said:

Make sure that "Enable Smart Optimization" is check marked in ThreatSense settings for the Startup Scan.

Open Eset GUI. Then select Setup. Then select Advanced Setup. Under Detection Engine, select Malware Scans. Click on the "+" for STARTUP SCAN to expose the ThreatSense settings.

As a test, I disabled it and then rebooted. I then observed same behavior with the scan taking approx. 3 mins. to run.

I have did as your information in Startup Scan configuration with selected Enable Smart Optimization after installed it, and nothing changed since EIS ver.11

Thanks for your information.

Regards,

[Marcos 4,718]

So it happens also if you uninstall ESET and install the latest version from scratch with default settings?

I'd suggest:
- temporarily disabling real-time protection in the advanced setup
- creating a Procmon boot log (stop logging after a reboot only after the notification about the startup scan being run goes away)

[HANDJOJO 11]

35 minutes ago, Marcos said:

So it happens also if you uninstall ESET and install the latest version from scratch with default settings?

I'd suggest:
- temporarily disabling real-time protection in the advanced setup
- creating a Procmon boot log (stop logging after a reboot only after the notification about the startup scan being run goes away)

Dear Marcos,

Please attached the file you need to investigate the case, Boot Collector & ESET Log Collector.

 

Bootlog.zip eis_logs.zip

[Marcos 4,718]

Hello,

It looks that no startup scan was run while the Procmon boot log was being generated.

[HANDJOJO 11]

57 minutes ago, Marcos said:

Hello,

It looks that no startup scan was run while the Procmon boot log was being generated.

Please enclosed the specify Procmon with ESET process.

Bootlog.zip

[Marcos 4,718]

Unfortunately, the log seems to be from time when no startup scan was running.

Please do the following:
- create a complete application dump of ekrn (adv. setup -> tools -> diagnostics -> create) when a startup scan appears to be running
- after a reboot enable oper. system advanced logging under tools -> diagnostics, wait until a startup scan completes, disable logging and eventually provide us with C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etlthe etl log (you'll need to upload it to a file sharing service and provide a download link because of the size).

[itman 1,542]

It is possible that two startup scans could be run at system boot or logon time. Such would be the case if the PC was idle long enough that Eset would push a module update after either of these events.

The main startup scan will scan all files run after user logon at normal priority. The after module update startup scan will scan commonly used files; whatever those may be, at low priority. Since both these scans have the same name associated with them, it would be impossible to determine which scan was running by mouse hovering over the Eset taskbar icon.

What might be observed by the OP is the running of the module update scan. Assuming a lower processing capacity PC and that the scan is running at low priority, it might run long enough to be observable via icon taskbar activity. In any case if this scan was running, it should have no impact on normal system activities since the scan is running at low priority.

Edited July 10, 2019 by itman