Jump to content

"ESET Service" and "ESET Firewall" crashing many times a day


Go to solution Solved by Marcos,

Recommended Posts

Thanks to Nod32 this world is a better place 😀

Since yesterday, Nod32 started to misbehave. There are many reports in the Windows logs that "ESET Service" and "ESET Firewall" services have been terminated unexpectedly. There is also an increased CPU load caused by ekrn.exe. The service consumes more and more memory until it crashes and starts again. I had to reinstall NOD32 shortly after the first symptoms occurred, as the sysytem began to slow down severely until it would hang completely. After reinstalling NOD32 it was possible to use the system, but the other symptoms remained.

Thank you in advance!

eav_logs.zip

Link to comment
Share on other sites

  • Administrators

Did you disable these settings to prevent the crashes from occurring?

Protocol filtering
Web access protection
SSL protocol checking
HTTP protocol checking

Those are important ones and with protocol filtering disabled you open the door to Internet-borne threats.

Also we recommend enabling the LiveGrid Feedback system for maximum protection and upgrading to ESET Internet Security at least in order to get Network protection. In the past it protected our users also from the infamous Wannacry ransomware that exploited an unpatched vulnerability in Windows.

Link to comment
Share on other sites

  • Administrators

Please carry on as follows:

- download Procdump from https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
- temporarily disable Protected service in the advanced setup -> HIPS
- reboot the machine
- run Procdump as an administrator as follows:
procdump -ma -e ekrn.exe
- wait until ekrn crashes and a dump is generated
- compress the dump, upload it to a safe location and drop me a download link
- re-enable Protected service and reboot the machine.

Link to comment
Share on other sites

@Marcos I followed closely your advice, and unfortunately procdump failed with "Access Denied" error (0x00000005). But configuring "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Error Reporting\LocalDumps" allowed me to take two crash dumps. You can download them from there: https://mega.nz/folder/tKBWjbDR#2HpjZ2YT19u3T9pfSGeOGw

Previously, I only had SSL MITM scanning disabled, but since the problem occurred, I have disabled more network-related functions. I realize that by disabling these services, I am leaving a larger surface to attack my system.

There are two .7z archives, I'll send you PM with a password to open them.

@itman I have Windows 11 Pro 22H2, 10.0.22621.1992.

Link to comment
Share on other sites

  • Administrators
  • Solution

Thank you, the dump helped and we should be able to pinpoint the issue based on it.

As for running Procdump, it must be run as an administrator and Protected service (in HIPS settings) must be disabled and the machine rebooted prior to running Procdump. Just in case you'd need to make another dump in the future which we hope won't be needed.

Link to comment
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...