Phil_S 3 Posted August 2, 2020 Share Posted August 2, 2020 Eset updated to v13.2.16.0 yesterday and last completed a successful definition update over 4 hours ago. Wondering why my PC has slowed to a crawl I opened Resource Monitor to find that ekrn.exe is using over 12GB of physical memory, currently 93% memory usage and still increasing. The Eset tray icon is continuously spinning and the program has been reporting "Module update in progress" for at least the last hour that I am aware of, possibly since the last update check over 4 hours ago for all I know. I have tried clicking "Cancel Update" but it is not responding. Current stats for ekrn.exe are 132,933 threads 18.4% CPU Memory 12,419,948 KB Going to try restarting my PC now... Link to comment Share on other sites More sharing options...
Phil_S 3 Posted August 2, 2020 Author Share Posted August 2, 2020 Rebooted. Eset has just successfully checked for and completed an update . ekrn.exe now 125,000 KB memory in use, 0% CPU. Will see how it goes. Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted August 2, 2020 Share Posted August 2, 2020 (edited) Try collecting logs and share here. It may help ESET troubleshoot the issue even though it may have been fixed on your PC. Edited August 2, 2020 by SeriousHoax Link to comment Share on other sites More sharing options...
Phil_S 3 Posted August 2, 2020 Author Share Posted August 2, 2020 (edited) This is all I can find. It's from 24 hours ago and I don't know if it's relevant as according to the Eset log EIS successfully updated at 09:48 hrs today. The application update to 13.2.16.0 was completed at 08:01 yesterday, around 7 hours before this log was created. I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required. Log Name: Application Source: Windows Error Reporting Date: 01/08/2020 15:56:57 Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: XXXX Description: Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: ekrn.exe P2: 10.15.29.0 P3: 5f196609 P4: ntdll.dll P5: 6.3.9600.19678 P6: 5e82c88a P7: c0000024 P8: 00000000000ecf40 P9: P10: Attached files: C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml WERGenerationLog.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499 Analysis symbol: Rechecking for solution: 0 Report ID: 3da11dd7-d407-11ea-85f7-50e549b22cc4 Report Status: 131076 Hashed bucket: Event Xml: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Windows Error Reporting" /> <EventID Qualifiers="0">1001</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2020-08-01T14:56:57.000000000Z" /> <EventRecordID>305328</EventRecordID> <Channel>Application</Channel> <Computer>HOME</Computer> <Security /> </System> <EventData> <Data> </Data> <Data>0</Data> <Data>APPCRASH</Data> <Data>Not available</Data> <Data>0</Data> <Data>ekrn.exe</Data> <Data>10.15.29.0</Data> <Data>5f196609</Data> <Data>ntdll.dll</Data> <Data>6.3.9600.19678</Data> <Data>5e82c88a</Data> <Data>c0000024</Data> <Data>00000000000ecf40</Data> <Data> </Data> <Data> </Data> <Data> C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml WERGenerationLog.txt</Data> <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499</Data> <Data> </Data> <Data>0</Data> <Data>3da11dd7-d407-11ea-85f7-50e549b22cc4</Data> <Data>131076</Data> <Data> </Data> </EventData> </Event> Edited August 2, 2020 by Phil_S Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted August 3, 2020 ESET Moderators Share Posted August 3, 2020 Hello @Phil_S, we would need a dump of the process memory to check what is going on there. If you see again such high resource consumption , please navigate to Advances settings -> Tools -> Diagnostics and set the dump type to Full. Hit the Create button next to Create diagnostic dump option. Once complete, create a log with ESET Log Collector, upload the generated archive to a safe location and send me a private message with the download details to check. Peter Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 3, 2020 Administrators Share Posted August 3, 2020 22 hours ago, Phil_S said: I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required. Yes, please provide these files to us. Link to comment Share on other sites More sharing options...
Phil_S 3 Posted August 3, 2020 Author Share Posted August 3, 2020 Thanks @Peter Randziak, So far, everything is normal since the reboot. If it happens again I'll do as you suggest, but I thought I ought to mention it in case there was an unknown issue with the new release, having found a similar post in the NOD32 AV forum. @Marcos, files attached. Thank you. AppCrash_ekrn_exe.zip Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted August 4, 2020 ESET Moderators Share Posted August 4, 2020 Hello @Phil_S, thank you for the log file, but sadly the dump file is empty 😞 so we cannot analyze it... Please monitor the situation and in case you encounter the issue again, provide us with logs as described above so we can check what is going on there... Peter Link to comment Share on other sites More sharing options...
Phil_S 3 Posted August 4, 2020 Author Share Posted August 4, 2020 Thank you @Peter Randziak Everything is still normal so far. If it happens again I will let you know. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts