Hi,

I have an issue with Internet Security. Very often it uses 14% of CPU. And this SW freezes my Google Chrome when I am browsing the internet. I tried to turn it off and it starts to work. When I turn it back on again, the issue is back.

Please help me to solve this issue. Logs are attached.

Logs.zip

2 hours ago, Marcos said:

You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner.

Does uninstalling it make a difference?

 

No, I don't have it. I had it, but I uninstalled it a few days ago. This issue has been happening for longer and is still occurring. :(

  • Administrators

Please carry on as follows:
- reproduce the issue
- enable advanced oper. system logging in the adv. setup -> tools -> diagnostics
- after approx. 1 minute disable logging
- collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

  • Administrators

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:

Win32/CoinMiner.DP potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
Win32/CoinMiner.DP potentially unwanted application  @ *
Win32/CoinMiner.BV potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
Win32/CoinMiner.BV potentially unwanted application  @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: http://amtso.eicar.org/cloudcar.exe

2 hours ago, Marcos said:

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:

Win32/CoinMiner.DP potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
Win32/CoinMiner.DP potentially unwanted application  @ *
Win32/CoinMiner.BV potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
Win32/CoinMiner.BV potentially unwanted application  @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: hxxp://amtso.eicar.org/cloudcar.exe

In PM you will find new logs.

About cloudcar.exe: this was detected and removed by the ESET SW.

After removing EasyMiner from the exclusions, the issue is still occurring.

  • Administrators

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
        0 files               0 bytes

Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

25 minutes ago, Marcos said:

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
        0 files               0 bytes

Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

On the same link you will find new logs. Now there is the file you required.

  • Administrators

Still no joy. Make sure that you enable advanced oper. system logging prior to reproducing the issue and disable it prior to collecting logs. It will be enough just to provide C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl.

  • Administrators

The log was extremely large (23 GB), opening it paralyzed my machine for more than an hour. As I've asked, please do not leave advanced OS logging enabled for more than a minute and compress the log next time.

Try the following:
1. Use automatic firewall mode. Currently you use interactive mode and have more than 1500 rules created. Try the following:
- export the current configuration
- switch the firewall to automatic mode
- delete all custom rules

If that doesn't help, try uninstalling ESET and installing it from scratch without changing default settings.

2. PhpStorm was another CPU intensive process. Please make sure it's not running when trying to troubleshoot CPU utilization issues.


When I switch the FW to automatic mode, the issue goes away, but I want to have control over the rules. Is there a way to keep my rules enabled?

PHPStorm is another issue and I don't need to solve it now.

 

Thank you.

  • Administrators

In following versions of the firewall module we plan to optimize processes connected with evaluation of executables used in rules which should mitigate CPU usage when many fw rules exist and interactive mode is used.
