
ESET Endpoint Antivirus Spiking Memory on Windows XP



I am currently trying to troubleshoot an ongoing problem at a client site - I haven't contacted ESET Support yet, but am getting there - I have a series of 7 Windows XP computers that suddenly are showing ESET Endpoint Antivirus (version 5.0.2126), in an "idle" state, consuming some 444k kb in RAM.  The computer itself is unable to function in this manner, so I have only been able to do minimal troubleshooting without booting into Safe Mode - of course in Safe Mode ESET isn't functioning so everything is fine.

 

In Task Manager, ekrn.exe is at the top of the list for CPU usage as well.

 

I uninstalled Endpoint Antivirus and replaced it with NOD32 Business Edition, and everything is fine as well -

 

There are no scans running.  The startup scan at logon is disabled and the other scans are scheduled.

 

Anyone else have this problem or have any ideas as to what might be causing it?

 

 


  • Administrators

Please carry on as follows:

- download Procdump

- when you notice that ekrn consumes a lot of RAM (e.g. > 150 kB), create a complete application memory dump by running "procdump -ma ekrn"

- compress the dump, upload it to a safe location (we can provide you with access to ESET's ftp server) and pm me the download link


Having some troubles with this -

 

The PC, in normal mode, is so jammed up that I cannot run or download anything.  I attempted to even send procdump to the PC via FTP, and it fails.  Of course this means I also cannot open the Internet to download the program.  I also cannot open SysInspector.

 

I have rebooted into Safe Mode, and generated a SysInspector file, but I'm not sure if it will contain the information you require as I have run it in Safe Mode - I am trying to run ProcDump in Safe Mode as well with the following:

 

Start -> Run and entered the following C:\procdump.exe -ma ekrn

 

A command line interface appears for a moment, and then disappears.

 

Should I run a different command?  I'm assuming I have to pipe in a command that will output the data to a .txt file or something of the sort?


Never mind, I see what is happening - the ekrn process is not running in Safe Mode.  When I run ProcDump via command line I get the following:

 

C:\>procdump.exe -ma ekrn

 

ProcDump v6.00 - Writes process dump files
Copyright © 2009-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

No process matching the specified name can be found.

Try elevating the command prompt or using PsExec to make one as SYSTEM.
        psexec.exe -s -d -i cmd.exe
        procdump.exe -accepteula ...

C:\>

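The capture steps discussed above, written as a watcher that is started right after logon so the dump is taken before the machine becomes unresponsive. This is an added example, not code from any poster or from ESET. It assumes PowerShell 2.0 is installed on the XP machine and that it runs from an administrator session; `C:\dumps`, the polling interval and the threshold are placeholder values, and `C:\procdump.exe` is the path used in the thread.

```powershell
# Added example: poll ekrn and write one full dump when its memory crosses a threshold.
# Placeholders (assumptions, adjust per site): $DumpDir, $ThresholdKB, $PollSeconds.
$ProcName    = 'ekrn'
$ProcDump    = 'C:\procdump.exe'   # path used in the thread
$DumpDir     = 'C:\dumps'
$ThresholdKB = 400000              # compared against Task Manager's "Mem Usage" (K)
$PollSeconds = 5

if (-not (Test-Path $ProcDump)) { throw "procdump not found at $ProcDump" }
if (-not (Test-Path $DumpDir))  { New-Item -ItemType Directory -Path $DumpDir | Out-Null }

while ($true) {
    $p = Get-Process -Name $ProcName -ErrorAction SilentlyContinue |
         Select-Object -First 1

    if (-not $p) {
        # Safe Mode case from the thread: the ESET service is not loaded,
        # so procdump would report "No process matching the specified name".
        Write-Host "$ProcName is not running; nothing to dump yet."
    }
    else {
        $kb = [math]::Round($p.WorkingSet64 / 1KB)
        if ($kb -ge $ThresholdKB) {
            $procId = $p.Id
            $stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
            $out    = Join-Path $DumpDir ("{0}_{1}_{2}K.dmp" -f $ProcName, $stamp, $kb)

            # -ma writes a full memory dump; -accepteula suppresses the EULA dialog.
            & $ProcDump -accepteula -ma $procId $out

            if (Test-Path $out) {
                Write-Host "Dump written: $out"
            } else {
                Write-Host "No dump file at $out; check procdump's output above."
            }
            break
        }
    }
    Start-Sleep -Seconds $PollSeconds
}
```

The dump file can then be compressed and handed over as described in the administrator's instructions.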

  • ESET Moderators

Hello LocknetSSmith,

 

have you managed to resolve the issue?

Could you please try to update it to the most current one (5.0.2214)?

In case you are unable to boot to the normal mode use the ESET Uninstaller in the Safe mode.

 

Does the issue persist after the update?

 

Please let us know.

 

Regards,


Peter,

 

I have an open case with this issue with ESET Partner Support - I didn't think it wise to post the case # in a public forum, but if you would like it, I can send it to you via private message - either way they are aware you are assisting and have deferred to your expertise. 

 

Here is an update -

 

As I mentioned, I was unable to obtain a ProcDump.  When I tried to run this in Normal Mode, the computer was so frozen up that I could not do anything, literally.  I rebooted the PC into Safe Mode, which allowed me to at least run SysInspector (I have submitted this to ESET Support under the given case #).

 

In order to get the computer functioning again, I did run the ESET Uninstaller in Safe Mode.  I then tried to install ESET Endpoint AV using a fresh download from eset.com.  I attempted to check the endpoint into my MSP Remote Administrator, but before I could do this, it appeared ESET started a scan once again, and the computer froze up once again.

 

I then hard booted and went into Safe Mode, ran the ESET Uninstaller again, and restarted into Normal Mode. 

 

Next I downloaded and installed ESET NOD32 Business Edition.  The computer began functioning properly at this point, and as of 20 minutes ago when I spoke to the client, is still functioning fine.  I was able to check it into my MSP Remote Administrator - when I found that installing NOD32 resolved the issue for this computer, I followed suit on the other six Windows XP computers that were freezing up.

 

Even though I emailed the SysInspector snapshot to ESET Support, I would be happy to send it to you as well if you like, or I can upload it to SkyDrive and provide you a link to download if you prefer. 

 

This is very mind bending!  I literally have ESET Endpoint Antivirus deployed to hundreds of Windows XP computers.  This particular client with these specific 7 Windows XP computers are the only ones that froze up like this.


  • ESET Moderators

Hello LocknetSSmith,

 

SysInspector creates a static snapshot, so it doesn't allow us to analyze such cases much, although it is a really valuable source of information.

The only thing we could do with it is to search for drivers and applications that are causing issues when installed on the same system, for example another resident AV, or to create a virtual machine with a very similar SW environment.

In such a case a full memory dump would be helpful, but if you have opened a support case with ESET Support, just resolve it with them and let us know. I am really interested in what is causing the issue.

 

Thank you.

 

Regards,


  • 1 month later...


Please carry on as follows:

- download Procdump

- when you notice that ekrn consumes a lot of RAM (e.g. > 150 kB), create a complete application memory dump by running "procdump -ma ekrn"

- compress the dump, upload it to a safe location (we can provide you with access to ESET's ftp server) and pm me the download link

Hello, I am also battling with ESET 3.0.695.0 concerning CPU usage under XP 32-bit Service Pack 3 with, I admit, a bit of a weak machine (Pentium 4 with 1GB RAM), but until recently it worked fine and smoothly.

According to hxxp://www.wilderssecurity.com/showthread.php?t=207359&page=13 I modified a few parameters in the real time file system protection, but I would be glad if you could give some feedback on this annoying problem.

Regards

CC

 
