kapela86 10 Posted March 31, 2020 Share Posted March 31, 2020 (edited) Since when did Endpoint Security run a full C scan after every virus database update? I updates recently to 7.2.2055.0 and I'm pretty sure that previous versions did some sort of quick scan (probably only running processes, etc). I noticed some time ago that ekrn.exe was using cpu for a long time, I just confirmed with Process Monitor that after every virus database update it does a FULL 😄 scan, going through every folder. What is really anoying is that it takes about 50 minutes at my PC to finish (Visual Studio, SQL Management Studio, lots of iso/zip files in subfolders on desktop, Thunderbird with many GB of mail messages), so lots of unpacking and creating temp files in C:\Windows\Temp\NODxxxx.tmp. I have SSD drive so it's a LOT of write cycles to it (SSD have limited write cycles). Edited March 31, 2020 by kapela86 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted March 31, 2020 Administrators Share Posted March 31, 2020 Most likely you have scheduled a scan task that is run after a module update. There is no such task created by default. Please provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
kapela86 10 Posted March 31, 2020 Author Share Posted March 31, 2020 Can I safely upload it here so only admins/mods will see it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted March 31, 2020 Administrators Share Posted March 31, 2020 Yes, only admins and mods have access to attachments uploaded here. Link to comment Share on other sites More sharing options...
kapela86 10 Posted March 31, 2020 Author Share Posted March 31, 2020 ees_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted March 31, 2020 Administrators Share Posted March 31, 2020 Where did you download ESET Log Collector from? I'm asking since you've used version 3.2 while the latest one is 4.0 and the exported configuration doesn't include applied policy settings. Link to comment Share on other sites More sharing options...
kapela86 10 Posted March 31, 2020 Author Share Posted March 31, 2020 (edited) in Endpoint Security I clicked on Help -> ESET Log Collector, it opened https://support.eset.com/pl/kb3466-jak-uzyc-narzedzia-eset-log-collector and there i clicked on Pobierz ESET Log Collector EDIT: I switched to english version of that website and from there downloaded 4.0.2.0 I attached logs from this version EDIT2: Forgot to say that I found task that is responsible for this scan after definition update and changed it to run only once in 12 hours. Also I noticed that it says to scan "Commonly (or Frequently) used files". But I saw that it goes through Program Data, Users, both Program Files and Wwindows folders. And I don't think it's applied from policy, I think it's built in. ees_logs.zip Edited March 31, 2020 by kapela86 Link to comment Share on other sites More sharing options...
Recommended Posts