High CPU usage

[JohnyRicio 0]

Hi,

I have and issue with Internet security. Very often it use 14% of CPU. And by this SW is freezed my Google chrome when I browsing the internet. I tried to of it and it starts to work. When I turn on back again, the issue is back. 

Please help me to solve this issue. Logs are attached.

Logs.zip

[Marcos 3,631]

You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner.

Does uninstalling it make a difference?

 

[JohnyRicio 0]

2 hours ago, Marcos said:

You have a CoinMiner installed in C:\Program Files (x86)\EasyMiner.

Does uninstalling it make a difference?

 

No, I don't have it. I had it, but I uninstall them few day ago. This issue happening longer and still occurring.

[Marcos 3,631]

Please carry on as follows:
- reproduce the issue
- enable advanced oper. system logging in the adv. setup -> tools -> diagnostics
- after approx. 1 minute disable logging
- collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a a download link.

[JohnyRicio 0]

PM was send. Thank you.

[Marcos 3,631]

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:

Win32/CoinMiner.DP potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
Win32/CoinMiner.DP potentially unwanted application  @ *
Win32/CoinMiner.BV potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
Win32/CoinMiner.BV potentially unwanted application  @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: http://amtso.eicar.org/cloudcar.exe

[JohnyRicio 0]

2 hours ago, Marcos said:

Looks like you didn't enable advanced operating system logging as instructed. The Diagnostics folder was empty, esetperf.etl log was missing.

Please remove from detection exclusions:

Win32/CoinMiner.DP potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cudaminer\ccminer.exe
Win32/CoinMiner.DP potentially unwanted application  @ *
Win32/CoinMiner.BV potentially unwanted application  @ C:\Program Files (x86)\EasyMiner\cpuminer-x32\minerd.exe
Win32/CoinMiner.BV potentially unwanted application  @ *

Enable detection of potentially unsafe applications, just in case.

You have a problem with LiveGrid. Access to LiveGrid servers is probably blocked by a firewall. Please make sure that the CloudCar test file is detected upon download: hxxp://amtso.eicar.org/cloudcar.exe

In PM you will find new logs. 

About cloucar.exe this was detected and removed by eset SW.

After remove easyMiner from excluding for check the issue stil occurring.

[Marcos 3,631]

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
        0 files               0 bytes

Did you actually enable advanced OS logging, reproduced the issue and disabled logging prior to collecting logs?

[JohnyRicio 0]

25 minutes ago, Marcos said:

For some reason esetperf.etl is still missing:

C:\ProgramData\ESET\ESET Security\Diagnostics\
        0 files               0 bytes

Did you actually enable advanced OS logging, reproduced the issue and disabled logging prior to collecting logs?

On the same link you will find new logs. Now there is you requered file.

[Marcos 3,631]

Still no joy. Make sure that you enable advanced oper. system logging prior to reproducing the issue and disable it prior to collecting logs. It will be enough just to provide C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl.

[JohnyRicio 0]

I don't understand why it is not there... Anyway I upload file alone under same link...

[Marcos 3,631]

The log was extremely large (23 GB), opening it paralyzed my machine for more than an hour. As I've asked, please do not leave advanced OS logging enabled for more than a minute and compress the log next time.

Try the following:
1, Use automatic firewall mode. Currently you use interactive mode and have more than 1500 rules created. Try the following:
- export the current configuration
- switch the firewall to automatic mode
- delete all custom rules

If that doesn't help, try uninstalling ESET and installing it from scratch without changing default settings.

2, PhpStorm was another CPU intensive process. Please make sure it's not running when trying to troubleshoot CPU utilization issues.

[JohnyRicio 0]

When I switch FW to automatic mode, issue is away, but I want to have a control under roles. Is there a way how to have enabled my rules? 

PHPStorm is another issue and I don't need to solve it now.

 

Thank you.

[Marcos 3,631]

In following versions of the firewall module we plan to optimize processes connected with evaluation of executables used in rules which should mitigate CPU usage when many fw rules exist and interactive mode is used.