Dun 0 Posted March 29, 2020 Posted March 29, 2020 (edited) Hello Whenever I change Eset Endpoint or Eset Internet Security from default to custom, I notice ekrn.exe uses 100% of one of cpu cores for 20 minutes. It happens when I start any application which connects to the internet like Chrome or VPN. It does not happen with default settings. All settings I change is do not clean malware if found in files and ask the user, network settings to public network and block couple apps in firewall. It does not matter if I do it with Endpoint or Internet Security or if I change settings manually or import configuration file. Event log does not show any errors. It started happening after windows updates 3 weeks ago. What should I do about it? Edited March 29, 2020 by Dun
Administrators Marcos 5,409 Posted March 29, 2020 Administrators Posted March 29, 2020 Please enable advanced operating system logging under tools -> diagnostics, reproduce the problem, stop logging, collect logs with ESET Log Collector and provide the generated archive for perusal.
Dun 0 Posted March 30, 2020 Author Posted March 30, 2020 (edited) I forgot to mention that if I restart my machine network protection does not work. It takes over 10 minutes to calm down the cpu usage by ekrn.exe, then the protection lights green. Please find logs in PM. Edited March 30, 2020 by Dun
Administrators Marcos 5,409 Posted March 30, 2020 Administrators Posted March 30, 2020 Enable advanced network protection logging under Tools -> Diagnostics, reboot Windows, then disable advanced logging, collect logs with ESET Log Collector and supply the generated archive for perusal.
Dun 0 Posted March 30, 2020 Author Posted March 30, 2020 Please check PM. Should I provide the esetperf.etl as well?
Dun 0 Posted April 18, 2020 Author Posted April 18, 2020 (edited) I was able to narrow down the issue. Take huge executable file and create firewall rule about it. Make sure to enable it. When you click ok to apply settings you will see it will take much much longer than usually. But this is not yet the cause of the 100% core usage by ekrn.exe. After that create any other firewall rule and enable it. When applied - there you go, CPU core is fully utilized and network is unusable. To revert it, just disable (do not delete) the rule about huge size of the executable file. If you will not disable the problematic rule then after 15-30 minutes the CPU usage will go down but raise again hours later for some reason. Also it will raise at computer startup and waking up from sleep mode. Please let me know when you can fix it Edited April 18, 2020 by Dun
Administrators Marcos 5,409 Posted April 21, 2020 Administrators Posted April 21, 2020 Please make sure that you have ESET configured to generate full application dumps under Tools -> Diagnostics. When the issue occurs, manually generate a dump of ekrn by clicking "Create" under Diagnostics. When done, provide fresh ELC logs or just the newly created dump from the Diagnostics folder.
Dun 0 Posted April 21, 2020 Author Posted April 21, 2020 Thank you for your support. However the issue is very easy to reproduce with smart security or internet security and I have already provided way to much unnecessary information about my computer
Administrators Marcos 5,409 Posted April 22, 2020 Administrators Posted April 22, 2020 Unfortunately it's not easy to reproduce. You are actually the only one who has encountered the issue and a dump of ekrn is needed for investigation by developers. Without it we can't help unfortunately. Camilo Diaz 1
Recommended Posts