
Idle-state scan causing high memory pages



Is there any way to dial back the idle-state scanning? It frequently triggers excessive memory paging, specifically on our file servers.

We also find that when an infected file is present, idle-state will report it up to 5 or 6 different times in a 24-hour period, which seems to indicate that it is scanning the entirety of a 1TB drive multiple times per day. We'd like to dial this back as well, if at all possible.

TIA


  • Administrators
5 minutes ago, j-gray said:

It frequently triggers excessive memory paging, specifically on our file servers.

Please provide a screenshot for illustration.

5 minutes ago, j-gray said:

We also find that when an infected file is present, idle-state will report it up to 5 or 6 different times in a 24-hour period

Detected threats should be cleaned and not detected repeatedly during next scans. Please provide logs collected with ESET Log Collector.


In the detection instances they were all malware within an archive; one was an email within a very old .mbx file and the other within an .iso file. My understanding (and according to support) is that because it's an object within an archive, it's unable to be remediated by ESET. My bigger concern though is what seems to be frequent, repetitive idle-state scanning.

And unfortunately I don't have a screenshot of memory usage. I get alerted by our monitoring application and typically miss the occurrences. Because it's random in nature I can't predict when it will occur, either. It does coincide with times that idle-state is scanning. Additionally, it doesn't occur when idle-state scanning is disabled.


  • Administrators

Malicious attachments should be cleanable in MBX files. Is the MBX file the email storage that Thunderbird uses? You could also consider excluding MBX from being scanned by the idle-state scanner.

As for ISO, if it contains only a malicious file, the whole archive should be deleted/cleaned automatically.


On 7/29/2022 at 10:51 PM, Marcos said:

Malicious attachments should be cleanable in MBX files. Is the MBX file the email storage that Thunderbird uses? You could also consider excluding MBX from being scanned by the idle-state scanner.

As for ISO, if it contains only a malicious file, the whole archive should be deleted/cleaned automatically.

Interesting. I'm certainly not seeing that behavior after multiple detections over multiple days. In all cases we see, "Action error - Unable to clean". This particular mbx file appears to be a very old and disused Outlook Express file.

And in fact, ESET support (#00393240) advised that the only way to clean it successfully was to enter the inbox and delete the suspect message.

