Jump to content

v13.2.16.0 huge memory usage


Recommended Posts

Eset updated to v13.2.16.0 yesterday and last completed a successful definition update over 4 hours ago. Wondering why my PC has slowed to a crawl I opened Resource Monitor to find that ekrn.exe is using over 12GB of physical memory, currently 93% memory usage and still increasing. The Eset tray icon is continuously spinning and the program has been reporting "Module update in progress" for at least the last hour that I am aware of, possibly since the last update check over 4 hours ago for all I know.

I have tried clicking "Cancel Update" but it is not responding.

Current stats for ekrn.exe are

132,933 threads 18.4% CPU

Memory 12,419,948 KB

Going to try restarting my PC now...

Link to comment
Share on other sites

Rebooted. Eset has just successfully checked for and completed an update . ekrn.exe  now 125,000 KB memory in use, 0% CPU.

Will see how it goes.

Link to comment
Share on other sites

Try collecting logs and share here. It may help ESET troubleshoot the issue even though it may have been fixed on your PC.

Edited by SeriousHoax
Link to comment
Share on other sites

This is all I can find. It's from 24 hours ago and I don't know if it's relevant as according to the Eset log EIS successfully updated at 09:48 hrs today.

The application update to 13.2.16.0 was completed at 08:01 yesterday, around 7 hours before this log was created.

I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.

Log Name:      Application
Source:        Windows Error Reporting
Date:          01/08/2020 15:56:57
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      XXXX
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: ekrn.exe
P2: 10.15.29.0
P3: 5f196609
P4: ntdll.dll
P5: 6.3.9600.19678
P6: 5e82c88a
P7: c0000024
P8: 00000000000ecf40
P9: 
P10: 

Attached files:
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499

Analysis symbol: 
Rechecking for solution: 0
Report ID: 3da11dd7-d407-11ea-85f7-50e549b22cc4
Report Status: 131076
Hashed bucket: 
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-01T14:56:57.000000000Z" />
    <EventRecordID>305328</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HOME</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>APPCRASH</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>ekrn.exe</Data>
    <Data>10.15.29.0</Data>
    <Data>5f196609</Data>
    <Data>ntdll.dll</Data>
    <Data>6.3.9600.19678</Data>
    <Data>5e82c88a</Data>
    <Data>c0000024</Data>
    <Data>00000000000ecf40</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt</Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>3da11dd7-d407-11ea-85f7-50e549b22cc4</Data>
    <Data>131076</Data>
    <Data>
    </Data>
  </EventData>
</Event>

Edited by Phil_S
Link to comment
Share on other sites

  • ESET Moderators

Hello @Phil_S,

we would need a dump of the process memory to check what is going on there.

If you see again such high resource consumption , please navigate to Advances settings -> Tools -> Diagnostics and set the dump type to Full. Hit the Create button next to Create diagnostic dump option.

Once complete, create a log with ESET Log Collector, upload the generated archive to a safe location and send me a private message with the download details to check.

Peter

Link to comment
Share on other sites

  • Administrators
22 hours ago, Phil_S said:

I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.

Yes, please provide these files to us.

Link to comment
Share on other sites

Thanks @Peter Randziak,

So far, everything is normal since the reboot. If it happens again I'll do as you suggest, but I thought I ought to mention it in case there was an unknown issue with the new release, having found a similar post in the NOD32 AV forum.

@Marcos, files attached. Thank you.

 

AppCrash_ekrn_exe.zip

Link to comment
Share on other sites

  • ESET Moderators

Hello @Phil_S,

thank you for the log file, but sadly the dump file is empty 😞 so we cannot analyze it...

Please monitor the situation and in case you encounter the issue again, provide us with logs as described above so we can check what is going on there...

Peter

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...