Jump to content

Recommended Posts

dude, i need some help.

i've problem with EKRN.exe work use more CPU process, and it make stopping WMI Provider Host. i was try some method like uninstalling ESET using Uninstaller tool and re-installed again, it still same
 

Screenshot (53).png

Screenshot (52).png

Screenshot (51).png

Link to comment
Share on other sites

  • Administrators

Basically WMI is fully scanned only if you run "Scan your computer" or if you run a custom scan and select WMI as a target.

According to MS the code means:

WMI-Activity Error 5858 with ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED) indicates that the WMI caller has successfully issued IWbemServices:ExecQuery, but has released the IWbemContext object before retrieving the full result set using the IEnumWbemClassObject::Next method. If the WMI service is still holding data for the client when the client terminates the link (by releasing the IWbemContext object), this event will be logged.

This error can happen if the WMI application calls IEnumWbemClassObject::Next with a timeout value (lTimeout) that is not long enough to retrieve the object being queried, and is not checking for a return code of WBEM_S_TIMEDOUT (0x40004) in order to issue the request again.

I assume that during a WMI scan it took long for the system to provide the scanner with the requested data. Just ignore the error. Also don't run WMI scans if you need to run just a quick disk scan.

Link to comment
Share on other sites

I chkd Malware Scans/Targets and see WMI is Unchk'd --- and SO is Registry.

WHAT is the recommended setup and timing for Registry scans? ..... Search web & here was useless.

Link to comment
Share on other sites

  • Administrators

You can run a full WMI & registry scan when not working with the computer or not running resource-intensive applications.

Autorun keys are scanned after a module update and when the system starts.

Link to comment
Share on other sites

2 hours ago, Marcos said:

You can run a full WMI & registry scan when not working with the computer or not running resource-intensive applications.

Autorun keys are scanned after a module update and when the system starts.

Thanks, Marcos. I just did a manual Scan with Registry and WMI chk'd along with the regular modules seen in this Log Rept.

Just wondering WHY with Registry and WMI Added the Log is HALF the size of Scheduled Scans showing that don't include these two. I see the E Recovery Partition on my D Data Drive shows in Today's Scan but isn't chk'd in others. Drive C is SSD.

165609986_2-18-21REG-WIMSCANLOG.thumb.jpg.8471de7ce374b1d3f1f4561018b4797e.jpg

Edited by COStark26
Link to comment
Share on other sites

3 hours ago, COStark26 said:

Just wondering WHY with Registry and WMI Added the Log is HALF the size of Scheduled Scans showing that don't include these two. I see the E Recovery Partition on my D Data Drive shows in Today's Scan but isn't chk'd in others. Drive C is SSD.

When you run Eset's default scan, it is using the Smart scan profile. In this mode, Eset won't re-scan files already scanned. Also this scan profile scans WMI and registry entries. I don't believe these entries are included in the scan file count.

When you run a Custom scan and select the In-depth scan profile, all files will be scanned.

Quote

There are 4 pre-defined scan profiles in ESET Internet Security:

Smart scan: This is the default advanced scanning profile. The Smart scan profile uses Smart Optimization technology, which excludes files that were found to be clean in a previous scan and have not been modified since that scan. This allows for lower scan times with a minimal impact to system security.

Context menu scan: You can start an on-demand scan of any file from the context menu. The Context menu scan profile allows you to define a scan configuration that will be used when you trigger the scan this way.

In-depth scan: The In-depth scan profile does not use Smart optimization by default, so no files are excluded from scanning using this profile.

Computer scan: This is the default profile used in the standard computer scan.

https://help.eset.com/eis/14/en-US/idh_config_scan.html?work_avas_ondemand_profiles.html

 

Edited by itman
Link to comment
Share on other sites

  • Administrators

The scans with different target settings probably used different profile settings which would account for the difference in the number of scanner files.

Link to comment
Share on other sites

Can't something be done about this WMI error? I have been waiting for a few months for an update for ESET to fix it, but it hasn't happened yet. 

Link to comment
Share on other sites

  • Administrators

As I wrote, the code means it takes the system too long to respond to scanner's query so it times out and the error record is logged. We cannot wait too long for the system to respond in case of WMI scans.

Link to comment
Share on other sites

1 hour ago, SeriousHoax said:

Can't something be done about this WMI error?

If I remember correctly, your issue was WMI was abending? It was not the WMI error logging issue.

Link to comment
Share on other sites

On 2/19/2021 at 3:09 AM, itman said:

If I remember correctly, your issue was WMI was abending? It was not the WMI error logging issue.

You are right, but that didn't happen anymore when I reinstalled again a month later. The error logging issue is still common though for everybody if WMI is scanned. I also saw ESET's initial scan is scanning WMI. It shouldn't do this until something can be done to fix it. 

Link to comment
Share on other sites

10 hours ago, SeriousHoax said:

The error logging issue is still common though for everybody if WMI is scanned.

Correct.

But the excessive logging in the Win WMI event log should not be adversely impacting anything. It doesn't do so on my PC. When I run an Eset scan that scans WMI entries, I just clear the WMI log to remove all those bogus error log entries.

Link to comment
Share on other sites

17 hours ago, itman said:

Correct.

But the excessive logging in the Win WMI event log should not be adversely impacting anything. It doesn't do so on my PC. When I run an Eset scan that scans WMI entries, I just clear the WMI log to remove all those bogus error log entries.

How to remove the WMI log? 

Link to comment
Share on other sites

6 hours ago, SeriousHoax said:

How to remove the WMI log? 

I posted "clear" the log; not remove it.

In Event Viewer, open Applications and Services Logs -> Microsoft -> Windows and scroll down to WMI - Activity log and expand the entry. Right mouse click on the Operational log and select - Clear Log. Alternatively, you can select Properties and mouse click on the Clear Log button displayed there.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...