Variety8037 0 Posted April 18, 2023 Share Posted April 18, 2023 What is to blame here? Is it a local issue or an issue with an ESET server under high load? Until I understand where the locus of this failure mode is, I cannot justify the time spent looking at this issue, and must stop efs.service. I saw a couple other topics on this, but never a clear statement or outcome, or a resulting KB to spread the knowledge about this error message which I'm sure a lot of people have experienced, and will continue to experience. Related ticket I filed today to get the ball rolling with support: #00520204 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted April 18, 2023 Administrators Share Posted April 18, 2023 Logs will need to be added to the support ticket. I've tried it myself and collect_logs.sh was there no matter if I installed ESET File Security or ESET Endpoint Antivirus on Ubuntu. Do you use a different Linux distribution? Couldn't it be that it's a 1 or 2-core CPU system? Link to comment Share on other sites More sharing options...
Variety8037 0 Posted April 19, 2023 Author Share Posted April 19, 2023 It's PoP OS, which is an Ubuntu derivative. Weird, now I look for collect_logs.sh and it is present. Never mind. Is there a particular file from the collected logs tar.gz that I should post? I cannot post the entire tar gz here because it contains information that has not been anonymized (syslog for example). But I could imagine doing that in the support ticket if there is an upload capability there. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted April 19, 2023 Administrators Share Posted April 19, 2023 Don't post it here but provide the logs to technical support when requested after raising a support ticket. The logs will need to be checked by developers. Can you confirm that it's a system with more than 2 CPU cores? Link to comment Share on other sites More sharing options...
Variety8037 0 Posted April 19, 2023 Author Share Posted April 19, 2023 I have 4 physical cores (8 logical cores). The support ticket is raised as #00520204, so the ball is rolling on that side as well. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted April 19, 2023 Administrators Share Posted April 19, 2023 I would check logs myself as well. You can upload the generated archive here if smaller than 200 MB or upload it to a file sharing service and drop me a personal message with a download link. Attachments uploaded here can be accessed only by ESET staff. Link to comment Share on other sites More sharing options...
Variety8037 0 Posted April 22, 2023 Author Share Posted April 22, 2023 The collect_logs.sh was creating a 32MB tar.gz, I had to find a better way. I cleaned /var/log and looked at what's happening shortly after starting efs.service. It does not take long for the first rtp timeout to show up. Please note that I have scrubbed user and host info Quote $ tail -f /var/log/syslog ... Apr 22 09:56:42 scrubbed systemd[1]: Starting ESET Server Security... Apr 22 09:56:44 scrubbed kernel: [21539.897993] eset_rtp: registered syscall handlers Apr 22 09:56:44 scrubbed kernel: [21539.898166] ESET Real-time file system protection module 2.0 <www.eset.com> Apr 22 09:56:44 scrubbed systemd[1]: Started ESET Server Security. Apr 22 09:56:54 scrubbed kernel: [21550.407041] eset_rtp: wait for scanner reply timeout, path: /home/scrubbed/Vault/Home/dotAssets/gitconfig-usedelta, event: OPEN, id: 47 pid: 68191 Apr 22 09:56:54 scrubbed kernel: [21550.407041] eset_rtp: wait for scanner reply timeout, path: /home/scrubbed/.EncryptedVault/S_luso-LVvyULp5mQWDMlg/w8xIO2-YVh94PGJgAoFVgw/-nCtnCj8SDglSe77MN4LBfbQxxOPbgha1HC7gC6xF58, event: OPEN, id: 48 pid: 5021 Apr 22 09:57:01 scrubbed cron[1323]: (*system*eset-efs) RELOAD (/etc/cron.d/eset-efs) Apr 22 09:57:09 scrubbed systemd[1]: Stopping ESET Server Security... Apr 22 09:57:11 scrubbed kernel: [21567.270769] eset_rtp: unregistered syscall handlers Apr 22 09:57:12 scrubbed systemd[1]: efs.service: Deactivated successfully. Apr 22 09:57:12 scrubbed systemd[1]: Stopped ESET Server Security. Apr 22 09:57:12 scrubbed systemd[1]: efs.service: Consumed 9.646s CPU time. ~/.EncryptedVault is the cipherdir for a gocryptfs user mounted encrypted directory of mine. Quote $ mount | grep gocryptfs /home/scrubbed/.EncryptedVault on /home/scrubbed/Vault type fuse.gocryptfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,max_read=131072) The allow_other mount options is not present. So not even root can read the files under Vault. Could this be triggering the problem? I doubt it, because if I keep looking in the syslog, there are timeouts happening on paths that have nothing to do with Vault Quote Apr 22 10:12:03 scrubbed rtkit-daemon[2092]: Supervising 14 threads of 8 processes of 2 users. ... Apr 22 10:13:35 scrubbed kernel: [22551.610178] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15286 pid: 5363 ... Apr 22 10:13:35 scrubbed kernel: [22551.610233] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15287 pid: 75156 ... Apr 22 10:13:46 scrubbed kernel: [22561.850138] eset_rtp: wait for scanner reply timeout, path: /memfd:mozilla-ipc (deleted), event: CLOSE, id: 15303 pid: 75554 Apr 22 10:13:46 scrubbed kernel: [22561.850145] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15301 pid: 75156 Apr 22 10:13:46 scrubbed kernel: [22561.850162] eset_rtp: wait for scanner reply timeout, path: /home/scrubbed/.librewolf/yy7rk7pb.default-release/storage/default/https+++forum.eset.com/ls/data.sqlite, event: CLOSE, id: 15300 pid: 22879 Apr 22 10:13:46 scrubbed kernel: [22561.850190] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15302 pid: 5363 Apr 22 10:13:56 scrubbed kernel: [22572.089902] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15319 pid: 75156 Apr 22 10:13:56 scrubbed kernel: [22572.089906] eset_rtp: wait for scanner reply timeout, path: /memfd:pulseaudio (deleted), event: CLOSE, id: 15321 pid: 75156 ... Apr 22 10:13:56 scrubbed kernel: [22572.089906] eset_rtp: wait for scanner reply timeout, path: /home/scrubbed/.librewolf/yy7rk7pb.default-release/cookies.sqlite-wal, event: CLOSE, id: 15317 pid: 22879 Link to comment Share on other sites More sharing options...
Recommended Posts