
Long scanning time after laptop falls asleep?



13 minutes ago, Tio said:

If I enable smart optimization, will it have an effect on the ing 27 hour scan that it's doing?

 

I advise you cancel the running In-depth scan. Then start a new In-depth scan with Smart Optimization profile selected.

Link to comment
Share on other sites

  • Administrators

Cancelling a registry scan may take minutes if a big file referenced in the registry is being scanned at the moment.

We would appreciate it if you create a dump of ekrn by clicking Create in the advanced setup -> Tools -> Diagnostics:

image.png

Then collect logs with ESET log collector or compress the dump created in C:\ProgramData\ESET\ESET Security\Diagnostics and supply it to us for perusal.

As for enabling Smart optimization in the In-depth scan, I meant this:

image.png

Link to comment
Share on other sites

11 minutes ago, Marcos said:

As for enabling Smart optimization in the In-depth scan, I meant this:

FYI to others. The setting exists under ThreatSense -> Other settings for On Demand In-Depth scan profile.

Link to comment
Share on other sites

18 minutes ago, Marcos said:

Cancelling a registry scan may take minutes if a big file referenced in the registry is being scanned at the moment.

As I posted previously, ping.exe (22 KB) was being scanned when I attempted to cancel the scan in non-Admin mode. No problem at all cancelling the scan in Admin mode.

Link to comment
Share on other sites

On 10/23/2023 at 8:43 PM, Marcos said:

I've prepared a pack with older modules for you to test. Please carry on as follows:

1. Download the archive oldmodules.zip from

2. Extract the archive to a disk.

3. Start Windows in safe mode.

4. Copy the extracted dll files directly to "C:\Program Files\ESET\ESET Security\Modules", e.g. to "C:\Program Files\ESET\ESET Security\Modules\em003_64.dll", etc. Leave the other subfolders intact.

5. Start Windows in normal mode.

6. Run a scan that took long with the original modules.

7. Let us know about your findings whether the scan with the old modules took less time.

8. Start Windows in safe mode and delete the old dll modules.

9. Start Windows in normal mode.

 

Hello,

I did what you suggested.

Short version: I copied the 3 files from the file "oldmodules.zip" (em003_64.dll, em004_64.dll, em005_64.dll) to the folder "C:\Program Files\ESET\ESET Security\Modules". After that I ran a full scan (custom scan -> deep scan -> as administrator).

Result: With the 3 files from the file "oldmodules.zip" everything works fine again.

With the three dll files from "oldmodules.zip" the scan took = 3965 sec. (01:06:05)

Without these files with the original version 16.2.15.0 the scan needs = 16711 sec. (04:38:31)

I hope this helps.

Link to comment
Share on other sites

  • Administrators

This mea

9 minutes ago, simplicissimus said:

Result: With the 3 files from the file "oldmodules.zip" everything works fine again.

That means recent changes in the archive module (support for new archivers and packers added), advanced heuristics (improved code emulation), or cleaner (more locations to scan and clean) resulted in increased scan time which is rather expected (you would not want us to stop adding support for new packers that are misused to pack/protect malware to evade detection). Since we don't know yet which of the 3 modules has the biggest impact on scan time, please install the old modules again but always remove one of the 3 in safe mode before running a scan and try to narrow it down to the one that has biggest impact on scan time.

Link to comment
Share on other sites

As far as I am concerned, I know what the issue is. First, a review of Smart and In-depth profile ThreatSense parameters as shown in the On-Demand scan option. The difference between the two profile options is;

Smart scan - Archives are not scanned. Smart Optimization is enabled.

In-depth scan - Archives are scanned. Smart Optimization is disabled.

The registry scan time for both profile options is the same; approx. 2 min.

Now for the Custom scan option.

The Smart scan profile results in regards to registry scan time is the same as that for On-Demand Smart scan - approx. 2 mins. The In-depth registry scan time is well, in hours. What Eset is doing in the registry scan is beyond me and I don't really care at this point.

If you wish to perform an In-depth scan, do so from the On-demand scan option selecting the In-depth scan profile.

Link to comment
Share on other sites

  • Administrators

When running an in-depth scan, both fileless registry entries and referenced files on the disk are scanned without using cache and regardless of the whitelist status which is why in-depth scans take hours.

Link to comment
Share on other sites

1 minute ago, Marcos said:

When running an in-depth scan, both fileless registry entries and referenced files on the disk are scanned without using cache and regardless of the whitelist status which is why in-depth scans take hours.

Re-read what I just posted.

There is no issue with In-depth profile registry scanning when done from the On-demand scan option. Therefore the issue is not with the In-depth scan profile since the same profile is supposed to be used in a Custom scan.

Link to comment
Share on other sites

Below are the scan log entries from two test scans I ran today. Both scans ran for approximately the same time till I terminated them.

Custom scan using In-depth profile - Eset still scanning registry entries at time of scan termination;

Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;H:\;3990;0;0;Interrupted by user

On-demand scan using In-depth profile - Registry scanning completed and Eset scanning WMI entries at time of scan termination;

Time;Scanned folders;Scanned;Detected;Cleaned;Status
10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;System registry;16036;0;0;Interrupted by user

Note the difference in scan parameters generated by Eset.

 

 

Link to comment
Share on other sites
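The two scan-log rows in the post above can be compared mechanically. The following is an added example, not part of the original post and not ESET code; it assumes (inferred only from the header and the two rows shown) that the last four columns are Scanned, Detected, Cleaned and Status and that every field between the timestamp and those four is a scan target.

```python
from dataclasses import dataclass

# The two rows quoted in the post, copied verbatim from the thread.
CUSTOM = (r"10/24/2023 10:28:43 AM;Operating memory;Boot sectors/UEFI;WMI database;"
          r"System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\;"
          r"E:\Boot sectors/UEFI;E:\;G:\Boot sectors/UEFI;G:\;H:\Boot sectors/UEFI;"
          r"H:\;3990;0;0;Interrupted by user")
ON_DEMAND = (r"10/24/2023 2:27:42 PM;Operating memory;C:\Boot sectors/UEFI;"
             r"D:\Boot sectors/UEFI;E:\Boot sectors/UEFI;C:\;D:\;E:\;WMI database;"
             r"System registry;16036;0;0;Interrupted by user")


@dataclass
class ScanRow:
    time: str
    targets: list
    scanned: int
    detected: int
    cleaned: int
    status: str


def parse_row(line):
    """Split one exported row; the target list itself is ';'-separated,
    so the fixed columns are peeled off from the right-hand side."""
    fields = line.strip().split(";")
    if len(fields) < 6:
        raise ValueError("need time, at least one target and 4 trailing columns")
    *head, scanned, detected, cleaned, status = fields
    return ScanRow(head[0], head[1:], int(scanned), int(detected),
                   int(cleaned), status)


def compare(a, b):
    """Report targets unique to each scan and where the registry sits in each
    target list (assumption: list order reflects the order targets are scanned)."""
    set_a, set_b = set(a.targets), set(b.targets)
    return {
        "only_in_a": [t for t in a.targets if t not in set_b],
        "only_in_b": [t for t in b.targets if t not in set_a],
        "registry_position": (a.targets.index("System registry"),
                              b.targets.index("System registry")),
    }


if __name__ == "__main__":
    custom, on_demand = parse_row(CUSTOM), parse_row(ON_DEMAND)
    for key, value in compare(custom, on_demand).items():
        print(f"{key}: {value}")
    print("objects scanned:", custom.scanned, "vs", on_demand.scanned)
```
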

1 hour ago, Purpleroses said:

How do you do an on-demand scan rather than a custom scan?

On-Demand scan option is the default when you select "Scan my computer" via Eset GUI.

If you wish to change it from the default Smart profile scan, you would first have to enter Advanced setup mode in the GUI. Then select Malware Scans option. At this point, the On-demand scan options are presented. Change Selected profile option to In-Depth and save your changes. Exit Advanced setup mode and now select Computer scan -> Scan my computer.

Once the scan is completed, you can repeat the above and change profile option back to Smart mode if you so desire.

Edited by itman
Link to comment
Share on other sites

So it's almost been 2 days (maybe 3) since I set on in-depth scan, the scan is still running at 5 hours 1454 scans objects. I don't know what to say, it's a good thing that I know it's out of malware, man for a product that I paid for?? C'mon

Link to comment
Share on other sites

  • Administrators

If it's taking too long, don't use an in-depth scan. It's expected that an in-depth scan lasts for a day or so since it scans the system deeply while ignoring cache and whitelist status of files.

 

Link to comment
Share on other sites

44 minutes ago, Marcos said:

If it's taking too long, don't use an in-depth scan. It's expected that an in-depth scan lasts for a day or so since it scans the system deeply while ignoring cache and whitelist status of files.

 

Marcos, I'm sorry, but I think you still don't understand what our problem is.
It is not about the total length of the deep scan (when absolutely everything is tested, including the contents of the archives), but the fact that the deep scan stops for a very long time on one scanned file to which the registry refers. This particular file is a few KB and ESET tests it for tens of minutes to hours, as user Tio writes. Even adding new packers cannot affect this file, as this file is not an archive and even if it was, it is only in the order of KB, it would have to be tested in a few seconds.
In addition, if the mentioned file(s) was previously tested by ESET in seconds and now hangs on it for tens of minutes to hours (on a single file referencing from the registry), there is probably something wrong with ESET.

I mentioned this exact same problem earlier in the Czech part of the forum. And since this problem manifested itself for me again, I will send the requested logs to the Czech part of this forum.

Link to comment
Share on other sites

17 hours ago, Marcos said:

This mea

That means recent changes in the archive module (support for new archivers and packers added), advanced heuristics (improved code emulation), or cleaner (more locations to scan and clean) resulted in increased scan time which is rather expected (you would not want us to stop adding support for new packers that are misused to pack/protect malware to evade detection). Since we don't know yet which of the 3 modules has the biggest impact on scan time, please install the old modules again but always remove one of the 3 in safe mode before running a scan and try to narrow it down to the one that has biggest impact on scan time.

Hello,

again I have performed a full scan (custom scan -> deep scan -> as administrator) and I think I have identified the responsible file that is causing the long scan.
The biggest impact on scan time has this file: em005_64.dll

If the file "em005_64.dll" from the archive "oldmodules.zip" is located in the folder "c:\Program Files\ESET\ESET Security\Modules\", the scan will take about 1 hour (3905 sec. (01:05:05)).

If the file "em005_64.dll" from the archive "oldmodules.zip" in the folder "c:\Program Files\ESET\ESET Security\Modules\" is missing, then the scan will take almost 5 hours (16711 sec. (04:38:31)).

The other two files (em003_64.dll and em004_64.dll) from the archive "oldmodules.zip" do not seem to have any influence on the scan duration.

 

 

Maybe this will help ...

em005_64.dll.png

Link to comment
Share on other sites

  • Administrators

Yes, we have pinpointed it to the Cleaner module, in particular, to recent changes in the registry value parser which ineffectively parses certain registry values with many tokens and that unnecessarily prolongs the scan time. We expect a new version of the Cleaner module addressing this issue to be available on the pre-release update channel in approximately 1 week. Also I'd like to mention not to pay much attention to the file displayed in the scanner window as it's the last file that was successfully scanned.

Link to comment
Share on other sites

44 minutes ago, Marcos said:

Yes, we have pinpointed it to the Cleaner module, in particular, to recent changes in the registry value parser which ineffectively parses certain registry values with many tokens and that unnecessarily prolongs the scan time.

If it was related to an Eset module, one would expect the same erratic Custom scan In-depth profile behavior to manifest when using the In-depth profile for a default scan which is not the case.

Some other undisclosed scan behavior is occurring when a Custom scan is being used which needs to be fully disclosed. For example, the registry option should not be selected when performing a Custom scan.

Edited by itman
Link to comment
Share on other sites

  • Administrators
5 minutes ago, itman said:

If it was related to an Eset module, one would expect the same erratic Custom scan In-depth profile behavior to manifest when using the In-depth profile for a default scan which is not the case.

Actually I reproduced it using a custom scan -> in-depth profile.

6 minutes ago, itman said:

Some other undisclosed scan behavior is occurring when a Custom scan is being used which needs to be fully disclosed. For example, the registry option should not be selected when performing a Custom scan.

No scan targets are selected by default for a custom scan, however, you can select targets for a particular on-demand scanner profile in the advanced setup and save the profile settings with targets.

Link to comment
Share on other sites

2 minutes ago, Marcos said:

Actually I reproduced it using a custom scan -> in-depth profile.

Err ...... I would expect so since this issue started with this scenario.

Modify default scan profile for the default scan to In-depth and run a default scan as I instructed here: https://forum.eset.com/topic/38442-long-scanning-time-after-laptops-falls-a-sleep/?do=findComment&comment=174265 .

Link to comment
Share on other sites

11 minutes ago, Marcos said:

No scan targets are selected by default for a custom scan,

Refer to the below screen shot. Note the Scan button is greyed out? You can't perform a Custom scan w/o selecting one or more objects to be scanned. This BTW just might be the issue with the Custom scan option;

Eset_Scan.thumb.png.dc0c22fbcde5ef7ed4e4667b5b647bff.png

Link to comment
Share on other sites

As far as I am concerned, the Eset Scan GUI processing needs to be revised.

When the user selects Computer scan option, the next screen displayed shows all the available scan profile options;

Quote

Scan Type:

x   Smart computer scan(Default) *

  In-depth computer scan **

Custom scan

Context menu scan

* Archives not scanned and Smart optimization technology deployed

** Archives scanned and Smart optimization technology not deployed

 

             Scan                           Scan as Administrator

If Smart or In-Depth options are selected, the scan starts immediately. If Context menu or Custom scan is selected, its associated screen is displayed next.

Additionally, Eset documentation needs to be revised to note that Custom scan is to be used only for scanning select option sub-categories and not for a full system scan.

Edited by itman
Link to comment
Share on other sites

Actually, existing Eset on-line help alludes to the fact Custom scan option is not to be used for full disk scans;

Quote

Custom scan launcher

You can use the Custom Scan to scan operating memory, network, or specific parts of a disk rather than the entire disk. To do so, click Advanced scans > Custom scan and select specific targets from the folder (tree) structure.

https://help.eset.com/essp/16.2/en-US/idh_page_scan.html?idh_scan_target.html

Edited by itman
Link to comment
Share on other sites

I'm also having the same problem, in fact I posted it here: 

It only happens when I do a deep custom scan, it freezes randomly and even if I hit the pause or cancel button nothing happens, in the end I have to restart. The quick scan works without problems, and as most comment, this started happening in the latest version of Eset, it never happened to me before.

Edited by Rodrigo Montecinos
Link to comment
Share on other sites

This topic is now closed to further replies.