Excluding ESET Program Files

[DaveB-Opt 0]

Are there any security implications from excluding ESET from scanning itself?

The real-time scanner appears to be taking a toll on performance recently. We have the latest AV endpoint installed and we're using the balanced policy 'out of the box'

[Marcos 4,915]

We don't scan the file local.db. According to the screen shot, ekrn was writing to the local cache which is a desired operation and enables scanners to skip files that are whitelisted or that were already scanned with the given engine version.

[DaveB-Opt 0]

Just now, Marcos said:

We don't scan the file local.db. According to the screen shot, ekrn was writing to the local cache which is a desired operation.

Thanks Marcos.

What's the easiest way to find out what's causing the performance issues?

Most computers are ok but a handful are really sluggish unless the real-time scanner is disabled.

All are using the same policy. All are of a similar spec

[Marcos 4,915]

Please provide an unfiltered Procmon log generated with advanced output enabled in the Procmon menu for analysis.

[DaveB-Opt 0]

1 minute ago, Marcos said:

Please provide an unfiltered Procmon log generated with advanced output enabled in the Procmon menu for analysis.

Will do - might not be until next week though

[Marcos 4,915]

Or better enable advanced OS logging under Tools -> Diagnostics, reproduce the issue, disable logging and provide us with the file "C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl" compressed in an archive.