Jump to content

Recommended Posts

Eset updated to v13.2.16.0 yesterday and last completed a successful definition update over 4 hours ago. Wondering why my PC has slowed to a crawl I opened Resource Monitor to find that ekrn.exe is using over 12GB of physical memory, currently 93% memory usage and still increasing. The Eset tray icon is continuously spinning and the program has been reporting "Module update in progress" for at least the last hour that I am aware of, possibly since the last update check over 4 hours ago for all I know.

I have tried clicking "Cancel Update" but it is not responding.

Current stats for ekrn.exe are

132,933 threads 18.4% CPU

Memory 12,419,948 KB

Going to try restarting my PC now...

Share this post


Link to post
Share on other sites

Rebooted. Eset has just successfully checked for and completed an update . ekrn.exe  now 125,000 KB memory in use, 0% CPU.

Will see how it goes.

Share this post


Link to post
Share on other sites

Try collecting logs and share here. It may help ESET troubleshoot the issue even though it may have been fixed on your PC.

Edited by SeriousHoax

Share this post


Link to post
Share on other sites

This is all I can find. It's from 24 hours ago and I don't know if it's relevant as according to the Eset log EIS successfully updated at 09:48 hrs today.

The application update to 13.2.16.0 was completed at 08:01 yesterday, around 7 hours before this log was created.

I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.

Log Name:      Application
Source:        Windows Error Reporting
Date:          01/08/2020 15:56:57
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      XXXX
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: ekrn.exe
P2: 10.15.29.0
P3: 5f196609
P4: ntdll.dll
P5: 6.3.9600.19678
P6: 5e82c88a
P7: c0000024
P8: 00000000000ecf40
P9: 
P10: 

Attached files:
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499

Analysis symbol: 
Rechecking for solution: 0
Report ID: 3da11dd7-d407-11ea-85f7-50e549b22cc4
Report Status: 131076
Hashed bucket: 
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-01T14:56:57.000000000Z" />
    <EventRecordID>305328</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HOME</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>APPCRASH</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>ekrn.exe</Data>
    <Data>10.15.29.0</Data>
    <Data>5f196609</Data>
    <Data>ntdll.dll</Data>
    <Data>6.3.9600.19678</Data>
    <Data>5e82c88a</Data>
    <Data>c0000024</Data>
    <Data>00000000000ecf40</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt</Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>3da11dd7-d407-11ea-85f7-50e549b22cc4</Data>
    <Data>131076</Data>
    <Data>
    </Data>
  </EventData>
</Event>

Edited by Phil_S

Share this post


Link to post
Share on other sites

Hello @Phil_S,

we would need a dump of the process memory to check what is going on there.

If you see again such high resource consumption , please navigate to Advances settings -> Tools -> Diagnostics and set the dump type to Full. Hit the Create button next to Create diagnostic dump option.

Once complete, create a log with ESET Log Collector, upload the generated archive to a safe location and send me a private message with the download details to check.

Peter

Share this post


Link to post
Share on other sites
22 hours ago, Phil_S said:

I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.

Yes, please provide these files to us.

Share this post


Link to post
Share on other sites

Thanks @Peter Randziak,

So far, everything is normal since the reboot. If it happens again I'll do as you suggest, but I thought I ought to mention it in case there was an unknown issue with the new release, having found a similar post in the NOD32 AV forum.

@Marcos, files attached. Thank you.

 

AppCrash_ekrn_exe.zip

Share this post


Link to post
Share on other sites

Hello @Phil_S,

thank you for the log file, but sadly the dump file is empty 😞 so we cannot analyze it...

Please monitor the situation and in case you encounter the issue again, provide us with logs as described above so we can check what is going on there...

Peter

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...