New problem with depth-scan on-demand


Hello to you all. I am writing here on the occasion of new problems with the on-demand deep scan. After I updated the ESET product to version 17.1.9.0 and then to version 17.1.11.0, the deep scan mode shows the hiberfil.sys, pagefile.sys and swapfile.sys sectors in the middle of the analysis result (see screenshot 1), when previously it was normal to show them at the end (see screenshot 2). In Smart Mode, the analysis keeps displaying them at the end (see screenshot 3).

Since last fall there was also a problem with in-depth analysis affecting the Home Sectors/UEFI and WMI Database sectors, I proceeded to delete Cache enable and Pre-Release Update to force update again from there. I did a deep scan as an administrator excluding those sectors. I noticed several things. First, the ESET product has scanned more than three million files, when in normal mode (not as an administrator) it usually does not exceed one million. I expected some difference, but not so bulky. And let’s remember that it has also not analyzed the Start Sectors/UEFI and WMI Database.

Second, the analysis shows, once again, that hiberfil.sys, pagefile.sys and swapfile.sys keep appearing in the middle of the analysis result, while it seems to start again to scan. You can also see in the capture the number of objects analyzed, more than three million, almost triple the usual under normal scan (not as administrator), and it is not finished (screenshot 4).

There comes a time (more or less around 30 minutes after the start of the scan) when the number of files it says are scanned just stops, although you can see that it is still scanning files. At 20:06, 3,026,327 files analyzed (screenshot 5). At 20:46, 3,026,327 files analyzed (screenshot 6). That is, the same number as before, but you can see that the name of the file it’s scanning in each screenshot is different, and that it still runs as if it was actually scanning files. And it seems that it’s doing so because in Open Scan Window you see that some files are still being added to the scan list, files that cannot be opened [4] because they are in use. I mean, analyzing, it looks like it's analyzing. If the ESET product is repeating the scan of one or more sectors or if it is doing it now messy or both, I do not know. Only at the end of the scan, more than three hours later, does it show the total number of files scanned: 3,172,570 (screenshot 7). It took three hours to scan from 3,026,327 to 3,172,570 files. I did the same enabling scan of Start Sectors/UEFI and WMI Database and it’s the same.

Is there a problem with deep scan again?

Attached screenshots: 1.png, 2.png, 3.jpg, 4.jpg, 5.png, 6.png, 7.jpg


  • Administrators

1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1.

2, As an administrator, many more objects are scanned compared to a scan under a normal user.

3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. "
This is a normal behavior when scanning objects like the registry, WMI or larger archives.


9 hours ago, Marcos said:

1, Regarding scanning of the files in the root of the C drive while scanning the c:\users folder, I assume this is due to multi-thread scanning introduced in v17.1.

2, As an administrator, many more objects are scanned compared to a scan under a normal user.

3, "when the number of files it says are scanned just stops, although you can see that it is still scanning files. "
This is a normal behavior when scanning objects like the registry, WMI or larger archives.

Adding information, I couldn't edit the previous message.

Thank you so much for answering, Marcos.

Two questions.

Why in the result of smart scan do the files hiberfil.sys, pagefile.sys and swapfile.sys continue to be shown at the end, but in the result of deep scan they are shown in the middle of it?

Why does ESET spend almost three more hours scanning files even if it does not show an increase in the number of scanned files? As you can see in screenshots 5 and 6, 40 minutes passed and the number of files scanned was the same. So three hours like that, apparently analyzing something without showing an increase in the number of files analyzed. Something like this has never happened to me before. It could stop a few minutes (three, four minutes), but never three hours in which it apparently is scanning something but shows no increase in scanned files. This happens too if I disable the Home Sectors/UEFI and WMI Database sectors so they can't be scanned.

Thanks a lot. Best regards.


  • Administrators
4 minutes ago, AlSky said:

Why in the result of smart scan do the files hiberfil.sys, pagefile.sys and swapfile.sys continue to be shown at the end, but in the result of deep scan they are shown in the middle of it?

Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that.

5 minutes ago, AlSky said:

Why does ESET spend almost three more hours scanning files even if it does not show an increase in the number of scanned files? As you can see in screenshots 5 and 6, 40 minutes passed and the number of files scanned was the same. So three hours like that, apparently analyzing something without showing an increase in the number of files analyzed. Something like this has never happened to me before. It could stop a few minutes (three, four minutes), but never three hours in which it apparently is scanning something but shows no increase in scanned files.

Does it happen if you also disable archives and SFX archives?


5 hours ago, Marcos said:

Hard to say, probably smart optimization, the number of CPU cores and the type of scanned files has an effect on that.

Does it happen if you also disable archives and SFX archives?

Hi, Marcos. Thank you so much for answering.

What are the archives and SFX archives? English isn't my mother language. Can you post a screenshot of what I must disable in the scan to do it?

Thanks.
