JohnyRicio (Posted January 15, 2021)

Hi, I have an issue with Internet Security. Very often it uses 14% of CPU. And this SW freezes my Google Chrome when I am browsing the internet. I tried to turn it off and it starts to work. When I turn it back on again, the issue is back. Please help me to solve this issue. Logs are attached.

Logs.zip

Marcos (Administrators, Posted January 16, 2021)

You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner. Does uninstalling it make a difference?

JohnyRicio (Author, Posted January 16, 2021)

2 hours ago, Marcos said:
> You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner. Does uninstalling it make a difference?

No, I don't have it. I had it, but I uninstalled it a few days ago. This issue has been happening for longer and is still occurring.

Marcos (Administrators, Posted January 16, 2021)

Please carry on as follows:
- reproduce the issue
- enable advanced oper. system logging in the adv. setup -> tools -> diagnostics
- after approx. 1 minute disable logging
- collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

Marcos (Administrators, Posted January 16, 2021)

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:
- Win32/CoinMiner.DP potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
- Win32/CoinMiner.DP potentially unwanted application @ *
- Win32/CoinMiner.BV potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
- Win32/CoinMiner.BV potentially unwanted application @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: http://amtso.eicar.org/cloudcar.exe

JohnyRicio (Author, Posted January 16, 2021)

2 hours ago, Marcos said:
> Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.
>
> Please remove from detection exclusions:
> - Win32/CoinMiner.DP potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
> - Win32/CoinMiner.DP potentially unwanted application @ *
> - Win32/CoinMiner.BV potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
> - Win32/CoinMiner.BV potentially unwanted application @ *
>
> Enable detection of potentially unsafe applications, just in case.
>
> You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: hxxp://amtso.eicar.org/cloudcar.exe

In the PM you will find new logs. As for cloudcar.exe, it was detected and removed by the ESET SW. After removing EasyMiner from the exclusions, the issue is still occurring.

Marcos (Administrators, Posted January 16, 2021)

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
0 files 0 bytes

Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

JohnyRicio (Author, Posted January 16, 2021)

25 minutes ago, Marcos said:
> For some reason esetperf.etl is still missing:
>
> C:\ProgramData\ESET\ESET Security\Diagnostics\
> 0 files 0 bytes
>
> Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

At the same link you will find new logs. Now the file you required is there.

Marcos (Administrators, Posted January 16, 2021)

Still no joy. Make sure that you enable advanced oper. system logging prior to reproducing the issue and disable it prior to collecting logs. It will be enough just to provide C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl.

JohnyRicio (Author, Posted January 16, 2021)

I don't understand why it is not there... Anyway, I uploaded the file alone under the same link...

Marcos (Administrators, Posted January 16, 2021)

The log was extremely large (23 GB), opening it paralyzed my machine for more than an hour. As I've asked, please do not leave advanced OS logging enabled for more than a minute and compress the log next time.

Try the following:

1. Use automatic firewall mode. Currently you use interactive mode and have more than 1500 rules created. Try the following:
- export the current configuration
- switch the firewall to automatic mode
- delete all custom rules

If that doesn't help, try uninstalling ESET and installing it from scratch without changing default settings.

2. PhpStorm was another CPU intensive process. Please make sure it's not running when trying to troubleshoot CPU utilization issues.
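
A pre-upload check for the trace requested in the posts above, as an added example that is not part of the original thread and is not ESET tooling. It uses the EsetPerf.etl path quoted in the thread; the 1 GB ceiling and the ZIP output location are assumptions chosen for illustration.

```powershell
# Added example, not ESET tooling. Run from an elevated PowerShell prompt
# after advanced OS logging has been switched off again.
param(
    # Path quoted in the thread.
    [string]$EtlPath = 'C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl',
    # Assumed output location and size ceiling (not ESET values).
    [string]$ZipPath = (Join-Path $env:TEMP 'EsetPerf.zip'),
    [long]$MaxBytes = 1GB
)

# Returns 'ok' or a short reason why the trace should not be uploaded as is.
function Test-EtlTrace {
    param([string]$Path, [long]$Limit)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'missing: enable logging, reproduce the issue, disable logging, then retry'
    }
    $size = (Get-Item -LiteralPath $Path).Length
    if ($size -eq 0) { return 'empty: the trace captured nothing' }
    if ($size -gt $Limit) {
        return ('too large ({0:N1} GB): recapture with logging on for about a minute' -f ($size / 1GB))
    }
    return 'ok'
}

$verdict = Test-EtlTrace -Path $EtlPath -Limit $MaxBytes
if ($verdict -ne 'ok') {
    Write-Warning "EsetPerf.etl $verdict"
    exit 1
}

try {
    # Compress before upload, as asked in the thread.
    Compress-Archive -LiteralPath $EtlPath -DestinationPath $ZipPath -Force -ErrorAction Stop
} catch {
    Write-Warning "Could not read the trace ($($_.Exception.Message)). Check that logging is disabled and the prompt is elevated."
    exit 1
}

$zip = Get-Item -LiteralPath $ZipPath
'{0} ({1:N1} MB) is ready to upload' -f $zip.FullName, ($zip.Length / 1MB)
```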

JohnyRicio (Author, Posted January 17, 2021)

When I switch the FW to automatic mode, the issue goes away, but I want to have control over the rules. Is there a way to keep my rules enabled? PHPStorm is another issue and I don't need to solve it now. Thank you.

Marcos (Administrators, Posted January 19, 2021)

In following versions of the firewall module we plan to optimize processes connected with evaluation of executables used in rules which should mitigate CPU usage when many fw rules exist and interactive mode is used.