Jump to content

Slowness on startup with exclusion of network folders


Recommended Posts

Good afternoon.
I've found an annoying problem with Eset Smart Security (version 9.0.349.14): ever time that I start my pc and my nas is powered on, I have to wait some minutes before having the os ready to work. If I start it with the nas powered off, the os is immediately available.

After a lot of test and analysis, I've found that the problem is located in the files added to the exclusion list: in the paths that I've excluded from scan there is a file located in a network folder in my nas (see attached file Exclusion_list.PNG) an this is causing the delay in the startup. I don't know why, but the ESET Service (ekrn.exe) try to access all the files and folders in the exclusion list to get some information, regardless to the fact that they should be excluded from analysis.

The problem with network folders or files is related to the account used by Eset Service: Local Sytem account doesn't have any kind of permission to connect to the network. The only connection to the nas that it tries is the anonymous one, and obviously and, for security reasons, this is refused by the most of nas' configurations.

When the nas is powered off, all the network connections are immediatelly closed by the os and you need only few seconds to complete the startup of the service. When the nas is powered on the situation is totatlly different: every connection is opened by the os and you have to wait for a time out because it's refused by the nas. This cause a pause of some minutes before getting the os ready to be used, and the time depends on the number of files and on the structure of the excluded folder.

In fact the process ekrn.exe try to open every single component of the path a recursive way. In my example, the excluded path is \\nas1\SOFTWARE\Folder1\Folder2\Folder3\Folder4\file.txt and the process ekrn.exe try to connect to (in order):

  1. \\nas1\SOFTWARE\Folder1\Folder2\Folder3\Folder4\file.txt
  2. \\nas1\SOFTWARE\Folder1\Folder2\Folder3\Folder4
  3. \\nas1\SOFTWARE\Folder1\Folder2\Folder3
  4. \\nas1\SOFTWARE\Folder1\Folder2
  5. \\nas1\SOFTWARE\Folder1
  6. \\nas1\SOFTWARE
  7. \\nas1

Obviously the system has to wait for a time out for each of the subfolders in the path: the deeper is your path, the longer you have to wait!
You can find the examples of what's happening during a startup of my pc in both the situations (nas powered off and on) in the attached print screen of a procmon boot capture, together with the elapsed time.

To complete the information, this behavior is not limited to network files or folder. During my tests with procmon , I've seen the same behavior with all the files or folders in the exclusion list. It's only with network related files or folder that the problem becomes visible.

I've also tried to change the account of Eset Service from Local System to my account (that has connection rights on the nas) and it works. The problem with this configuration is the GUI (egui.exe) that refuses to start making the software impossible to be used.

Is there any way to fix this problem?

I really don't understand the reason why an excluded file should be accessed during startup. Is there any plan to modify this behavior?

Thanks for your support.
Alessandro

post-10521-0-00520700-1453050809_thumb.png

post-10521-0-93071100-1453050818_thumb.png

post-10521-0-62672100-1453050826_thumb.png

Link to comment
Share on other sites

  • 3 weeks later...

Hi.
Sorry for the delay in the answer. I've sent you a pm with the url to the requested logs.
I had problems with Eset Log Collector specifically with SysInspector. In fact SysInspector's process stay in "suspended" status and it never completes its execution. I've also created a virtual lab to test it in a clean environment (fresh installation of Windows 10 without any additional software, only windows update) without any change: Eset have the already slowness problems and SysInspector never finishes.
I've sent you pml logs, Eset Log Collector without SysInspector and a print screen of resource monitor with SysInspector status.
 
To complete the information, the file system of my NAS is NTFS.
 
Thanks

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators

No. It's not something that can be changed within a few days. Also I can't 100% tell now if this is something that could be "fixed' automatically via a module update or if it will require changes in the product itself. If the latter, then it may take several months before ESET version 10 becomes available.

Link to comment
Share on other sites

Ok... thanks for your answer.

 

I've a NAS that is always on and I've some folders on it that should be excluded from scanning: as you can imagine, I can't wait every time some minutes for boot.

I was evaluating ESET's product but, unfortunately, this feature is very important for me and so I've to look for another antivirus.

 

Anyway, thanks for your support.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...