JohnyRicio, posted January 15

Hi, I have an issue with Internet Security. Very often it uses 14% of the CPU, and this software freezes my Google Chrome when I am browsing the internet. I tried to turn it off and it starts to work. When I turn it back on again, the issue is back. Please help me to solve this issue. Logs are attached.

Logs.zip

Marcos (Administrators), posted January 16

You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner. Does uninstalling it make a difference?

JohnyRicio (Author), posted January 16

2 hours ago, Marcos said:
> You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner. Does uninstalling it make a difference?

No, I don't have it. I had it, but I uninstalled it a few days ago. This issue has been happening for longer and is still occurring.

Marcos (Administrators), posted January 16

Please carry on as follows:
- reproduce the issue
- enable advanced oper. system logging in the adv. setup -> tools -> diagnostics
- after approx. 1 minute disable logging
- collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

JohnyRicio (Author), posted January 16

PM was sent. Thank you.

Marcos (Administrators), posted January 16

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:
Win32/CoinMiner.DP potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
Win32/CoinMiner.DP potentially unwanted application @ *
Win32/CoinMiner.BV potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
Win32/CoinMiner.BV potentially unwanted application @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: http://amtso.eicar.org/cloudcar.exe

JohnyRicio (Author), posted January 16

2 hours ago, Marcos said:
> Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.
>
> Please remove from detection exclusions:
> Win32/CoinMiner.DP potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
> Win32/CoinMiner.DP potentially unwanted application @ *
> Win32/CoinMiner.BV potentially unwanted application @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
> Win32/CoinMiner.BV potentially unwanted application @ *
>
> Enable detection of potentially unsafe applications, just in case.
>
> You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: hxxp://amtso.eicar.org/cloudcar.exe

In the PM you will find new logs. As for cloudcar.exe, it was detected and removed by the ESET software. After removing EasyMiner from the exclusions, the issue is still occurring.

Marcos (Administrators), posted January 16

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
0 files
0 bytes

Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

JohnyRicio (Author), posted January 16

25 minutes ago, Marcos said:
> For some reason esetperf.etl is still missing:
>
> C:\ProgramData\ESET\ESET Security\Diagnostics\
> 0 files
> 0 bytes
>
> Did you actually enable advanced OS logging, reproduce the issue and disable logging prior to collecting logs?

On the same link you will find new logs. Now your required file is there.

Marcos (Administrators), posted January 16

Still no joy. Make sure that you enable advanced oper. system logging prior to reproducing the issue and disable it prior to collecting logs. It will be enough just to provide C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl.

JohnyRicio (Author), posted January 16

I don't understand why it is not there... Anyway, I uploaded the file alone under the same link...

Marcos (Administrators), posted January 16

The log was extremely large (23 GB), opening it paralyzed my machine for more than an hour. As I've asked, please do not leave advanced OS logging enabled for more than a minute and compress the log next time.

Try the following:

1. Use automatic firewall mode. Currently you use interactive mode and have more than 1500 rules created. Try the following:
- export the current configuration
- switch the firewall to automatic mode
- delete all custom rules

If that doesn't help, try uninstalling ESET and installing it from scratch without changing default settings.

2. PhpStorm was another CPU intensive process. Please make sure it's not running when trying to troubleshoot CPU utilization issues.

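An added example, not part of the original posts and not ESET tooling: a PowerShell pre-flight check for the log requested above, covering the two failures seen in this thread (file missing, capture far too large) before compressing it for upload. The path is the one quoted in the thread; the 1 GB size limit and the output location are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt AFTER advanced OS
# logging has been disabled, so the file is complete and no longer being written.
$etl      = 'C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl'  # path from the thread
$maxBytes = 1GB                                   # assumed limit, below Compress-Archive's 2 GB cap
$zip      = Join-Path $env:TEMP 'EsetPerf.zip'    # assumed output location

if (-not (Test-Path -LiteralPath $etl -PathType Leaf)) {
    Write-Warning 'EsetPerf.etl not found: advanced OS logging was not enabled during the capture.'
    return
}

$file   = Get-Item -LiteralPath $etl
$ageMin = [math]::Round(((Get-Date) - $file.LastWriteTime).TotalMinutes, 1)
'{0}: {1:N1} MB, last written {2} minutes ago' -f $file.Name, ($file.Length / 1MB), $ageMin

if ($file.Length -eq 0) {
    Write-Warning 'The log is empty: logging was not active while the issue occurred.'
}
elseif ($file.Length -gt $maxBytes) {
    Write-Warning 'The log is too large: delete it and capture again for about one minute.'
}
else {
    # Compress before uploading, as requested in the thread.
    Compress-Archive -LiteralPath $etl -DestinationPath $zip -Force
    'Compressed to {0} ({1:N1} MB)' -f $zip, ((Get-Item -LiteralPath $zip).Length / 1MB)
}
```
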
JohnyRicio (Author), posted January 17

When I switch the FW to automatic mode, the issue goes away, but I want to have control over the rules. Is there a way to keep my rules enabled? PhpStorm is another issue and I don't need to solve it now. Thank you.

Marcos (Administrators), posted January 19

In the following versions of the firewall module we plan to optimize processes connected with the evaluation of executables used in rules, which should mitigate CPU usage when many fw rules exist and interactive mode is used.