Posted

I have multiple Windows 10 clients who are seeing 100% CPU utilization and gigabytes' worth of log files being written every day to the escan folder. They are all running ESET Endpoint Antivirus 7.3.2039.0. Log all objects is disabled in the startup scan, and the software has been removed and reinstalled, but the excessive logging continues.

  • Administrators
Posted

The escan folder contains on-demand scanner logs. Couldn't it be that you have an on-demand scan scheduled to run too frequently and have logging of all objects enabled in the on-demand scanner profile that is used?

image.png

You can delete the content of the escan folder or delete the logs via the GUI.

Posted

I have checked the on-demand, idle-state, and startup scan settings and all three have log all objects disabled.

  • Administrators
Posted

Please collect logs with ESET Log Collector from the machine and upload the generated archive here.

  • Administrators
Posted

Please collect logs again but with these artifacts selected:

image.png

Also make sure to disable logging of blocked operations in the advanced HIPS setup:

image.png

Posted

I made the change to not log all blocked operations. Adding the additional artifacts to the log collector caused the file size to grow to 200 MB, so I can't upload it here.

  • Administrators
Posted

You can upload it to wetransfer.com for instance and drop me a personal message with a download link.

  • Administrators
Posted

You have enabled the Idle-state scanner in the advanced setup as well as logging of all objects scanned by the idle-state scanner. You can delete the content of the escan folder or on-demand scanner logs via the GUI.

Posted

So if I have idle-state scanning enabled but don't have logging enabled, then is there still a record of the scans somewhere? For compliance purposes I need to be able to show scan results.

It's also only occurring on two machines, and during times when the machines are actively being used (i.e. not idle).

  • Administrators
Posted

You have this option in the idle-state scanner setup enabled:

image.png

Idle-state scanner logging can be enabled here:

image.png

Posted

Log all objects has been disabled everywhere, so I'll let you know if we still have issues.

Thanks.

  • Administrators
Posted

It's enabled, as can be seen in your configuration XML:

        <NODE NAME="LogAllEnable" TYPE="number" VALUE="1" />

It appears that it's applied via an ESMC policy.
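
An added example, not part of the thread and not ESET code: a Python check that walks an exported configuration XML and reports every place where the `LogAllEnable` node quoted above is set to a non-zero value, which is useful when a policy overrides what the local GUI shows. Only the `LogAllEnable` NODE line comes from the thread; the root tag, the `ITEM` nesting and the other names in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the LogAllEnable NODE line appears in the thread;
# the root tag, ITEM nesting and other names are assumptions for illustration.
SAMPLE_CONFIG = """\
<ESET>
  <ITEM NAME="scanner_a">
    <ITEM NAME="profile_1">
      <NODE NAME="LogAllEnable" TYPE="number" VALUE="0" />
    </ITEM>
  </ITEM>
  <ITEM NAME="scanner_b">
    <ITEM NAME="profile_2">
      <NODE NAME="LogAllEnable" TYPE="number" VALUE="1" />
      <NODE NAME="OtherSetting" TYPE="number" VALUE="1" />
    </ITEM>
  </ITEM>
</ESET>
"""

def find_setting(xml_text, setting="LogAllEnable"):
    """Return (path, value) for every NODE named `setting`, at any depth."""
    root = ET.fromstring(xml_text)
    hits = []

    def walk(elem, trail):
        name = elem.get("NAME")
        # Build a readable path from NAME attributes, falling back to the tag.
        here = trail + [name or elem.tag]
        if elem.tag == "NODE" and name == setting:
            hits.append(("/".join(here), elem.get("VALUE")))
        for child in elem:
            walk(child, here)

    walk(root, [])
    return hits

def enabled_locations(xml_text, setting="LogAllEnable"):
    """Paths where the setting is present with a value other than 0."""
    return [path for path, value in find_setting(xml_text, setting)
            if value is not None and value.strip() != "0"]

if __name__ == "__main__":
    for path, value in find_setting(SAMPLE_CONFIG):
        state = "ENABLED" if value != "0" else "disabled"
        print(f"{state:8} {path} = {value}")
```

Pass the text of the exported configuration file to `enabled_locations()` in place of `SAMPLE_CONFIG`; the ancestor names in each returned path show which scanner profile carries the setting.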
