ArthurBS 0 Posted June 16, 2021 Share Posted June 16, 2021 Good afternoon, several of our employees went to work remotely, they connect via rdp to their work PC in the office, after that on some PCs the eset began to load the hard disk by 100%, I can't understand why it behaves this way, with local work in the office, everything returns to normal eea_logs.zip Link to comment Share on other sites More sharing options...
ArthurBS 0 Posted June 16, 2021 Author Share Posted June 16, 2021 we use eset endpoint 8.0, windows 10 21h1 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted June 16, 2021 Administrators Share Posted June 16, 2021 We'll need an advanced operating system log esetperf.etl from time when the issue occurs. You can enable advanced OS logging in the advanced setup -> tools -> diagnostics. Keep it logging for 2-3 minutes, then disable logging and collect fresh logs with ESET Log Collector. Since the archive will be probably too big to upload it here, upload it to a safe location and drop me a personal message with a download link. Your Endpoint is misconfigured. The following settings should be enabled or changed to defaults: - detection of pot. unsafe applications (recommend is on, important from security POV) - Advanced heuristics on newly created or modified files (on by default, important from security POV) -Advanced heuristics on file execution (on by default, important from security POV) - Detection exclusions - too many of them, all are incorrect, remove them - Network attack protection (IDS) (on by default, important from security POV) - Regular automatic update - upd is checked every 4 hours, recommended is to use the default 60 min. interval - Automatic startup file check (after logon) (on by default, important from security POV) - Automatic startup file check (after update) (on by default, important from security POV) - Excluded processes - too many processes are excluded, even processes run from the temp folder are excluded, remove all process exclusions If you have issues if no exclusions are set, let us know please. Link to comment Share on other sites More sharing options...
ArthurBS 0 Posted June 16, 2021 Author Share Posted June 16, 2021 Sent you a report Link to comment Share on other sites More sharing options...
ArthurBS 0 Posted June 17, 2021 Author Share Posted June 17, 2021 hello Marcos! yesterday I sent you a link to the log file in a personal message, as you asked, did you get it? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted June 17, 2021 Administrators Share Posted June 17, 2021 Does adding D:\data\Documentation\Gxl\Gxxxrc to performance exclusions make a difference? Some letters were replaced with "x". Link to comment Share on other sites More sharing options...
ArthurBS 0 Posted June 18, 2021 Author Share Posted June 18, 2021 added to the exceptions, let's watch for a while Link to comment Share on other sites More sharing options...
ArthurBS 0 Posted June 21, 2021 Author Share Posted June 21, 2021 Hi Marcos! The problem persists, it also loads the hard disk by 100% Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted June 21, 2021 Administrators Share Posted June 21, 2021 Please provide fresh ELC logs to make sure that the folder is correctly excluded. According to the log provided most of time was spent by reading files that should be excluded now: Link to comment Share on other sites More sharing options...
itman 1,543 Posted June 21, 2021 Share Posted June 21, 2021 Refer to this article on how to create performance exclusions on Eset Endpoint client installations: https://support.eset.com/en/kb6985-exclude-files-or-folders-from-real-time-scanning-on-an-individual-workstation-in-eset-endpoint-products-7x Link to comment Share on other sites More sharing options...
Recommended Posts