Jump to content

Excessive logging and CPU usage


stevekay
 Share

Recommended Posts

I have multiple Windows 10 clients who are seeing 100% CPU utilization and gigabytes worth of log files being written every day to the escan folder. They are all running ESET Endpoint Antivirus 7.3.2039.0. Log all objects is disabled in the startup scan, the software has been removed and reinstalled but the excessive logging continues.

Link to comment
Share on other sites

  • Administrators

The escan folder contains on-demand scanner logs. Couldn't it be that you have an on-demand scan scheduled to run too frequently and have logging of all objects enabled in the on-demand scanner profile that is used?

image.png

You can delete the content of the escan folder or delete the logs via gui.

Link to comment
Share on other sites

  • Administrators

Please collect logs again but with these artifacts selected:

image.png

Also make sure to disable logging of blocked operations in the advanced HIPS setup:

image.png

Link to comment
Share on other sites

I made the change to not log all blocked operations. Adding the additional artifacts to the log collector caused the file size to grow to 200 MB so I can't upload it here.

Link to comment
Share on other sites

  • Administrators

You have enabled the Idle-state scanner in the advanced setup as well as logging of all objects scanned by the idle-state scanner. You can delete the content of the escan folder or on-demand scanner logs via the gui.

Link to comment
Share on other sites

So if I have idle-state scanning enabled but don't have logging enabled, then is there still a record of the scans somewhere? For compliance purposes I need to be able to show scan results.

It's also only occurring on two machines, and during times when the machines are actively being used (i.e. not idle).

Link to comment
Share on other sites

  • Administrators

It's enabled as can be seen in your configuration xml:

        <NODE NAME="LogAllEnable" TYPE="number" VALUE="1" />

It appears that it's applied via an ESMC policy.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...