Jump to content

Archived

This topic is now archived and is closed to further replies.

drasp

100% disk usage in v8 & v9

Recommended Posts

Noticed over the last week that my HDD activity light has been on a LOT.  Been running NOD32 for many years now & always appreciated that in most cases I never noticed it "doing its thing".  Updated to v9 to see if that would change anything, but its back to maxing out my 3TB internal drive.  The # of objects in "protection statistics" does keep counting up, was north of 20,000,000 when I noticed it had no record of having done an auto scan since updating to v9, so I started one manually, which reset the object count.  Even as I type this, the ESET service is using ~15MB/s & ~80% of my big storage/media drive.  Is there any way to sort out if this is "normal" behavior, and why its taking so long!?  Was never aware of such long/sustained periods of high activity!!!

Share this post


Link to post
Share on other sites

Please drop me a pm and provide:

- information about the oper. system

- the output from ESET Log Collector (hxxp://support.eset.com/kb3466/)

- information if temporarily disabling real-time protection makes a difference

- a Process Monitor log from time when the issue occurs (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx).

 

You can upload larger logs in compressed form to a safe location and pm me the download link.

Share this post


Link to post
Share on other sites

Thanks Marcos!  Working on putting that together right now. . . will send as soon as I've got the logs.  :)

Share this post


Link to post
Share on other sites

Sent you a PM w/ the logs on 5/10, haven't heard back, did you get the PM?

Share this post


Link to post
Share on other sites

I see in the log that SysInspector was running while you had Process Monitor logging operations. I assume this is because you were collecting logs using ESET Log Collector at the same time.

 

Other than that, I don't see anything weird in the Procmon log. About 27,000 files were accessed by ekrn out of which 12,300 were jpg files that were not scanned like many other files. Do you mean that the problem goes away after temporarily disabling real-time protection?

Share this post


Link to post
Share on other sites

The problem never goes away, as I described in my original post, HDD activity for my large internal storage drive is near 100% all the time, with high CPU & memory usage, all with the ESET service listed as the #1 consumer.  

 

Protection statistics resets every time I reboot, but is currently upwards of 20,000,000 objects.  At this point I'm getting concerned about the wear & tear on my drive.  The activity light is on solid & I can hear the drive chattering away all day long, 24/7 unless I manually kill ESET. . .

Share this post


Link to post
Share on other sites

Same here.

After I uninstalled, it gets back normally.  Definitely your software bug.

Share this post


Link to post
Share on other sites

During the 5,5 min. period that you captured, 234 MB were read by ekrn out of which 101 MB was from jpg files. Try excluding e:\pictures from scanning and let us know if it makes a difference.

Share this post


Link to post
Share on other sites

Same here.

After I uninstalled, it gets back normally.  Definitely your software bug.

 

Please follow the instructions from my post #2 above.

Share this post


Link to post
Share on other sites

Yeah, I'd love a follow-up on this, hard to imagine that there is nothing wrong when I've got a secondary/non-OS optical drive suddenly @ 100% nearly all of the time when I'm away from the computer.  When I sit down & start to use it, it stops, then starts right back up a few minutes after I'm done using the machine.  

 

Under protection statistics, I'm showing 174,265,034 objects, which seems like an awfully lot more than I've got across all my drives.  Really seems like ESET is in some kind of weird "permanently scanning" loop, and as much as I've been loyal to ESET, I'm not willing to risk the health of a brand new 3TB drive letting it just constantly run @ 100%. . .

 

edit - Didn't see your reply.  I'll try excluding the pictures directory & report back.

Share this post


Link to post
Share on other sites

 

Same here.

After I uninstalled, it gets back normally.  Definitely your software bug.

 

Please follow the instructions from my post #2 above.

 

 

As I wrote, I already uninstalled cuz I was afraid that the software makes my SSD worn out.

The software horribly access drive C: and made my system super super slow, even I have low CPU usage (it was like 0~5 %) besides of 100% disk usage .

It was very difficult to uninstall by the way.

 

To me, this happened after Windows Update came (KB3156421), I stopped HIPS temporally but nothing happend.

next I stopped realtime scan temporally nothing changed neither.  So I decided to uninstall ESET and it works like a charm!

This is only what I can help about this topic.

 

And I don't feel like to go back ESET cuz I already had a nightmare-experience about it.

(Recover system, reinstall os... etc I already waste a whole day and the solution what I found was uninstall ESET.)

 

I just want to *vote* Mr.drasp's pain! 

Share this post


Link to post
Share on other sites

According to the Procmon log you provided, ESET wrote only 440 kB data in 5,5 minutes but it scanned 24,440 jpg files because of being opened by runtimebroker.exe. This probably also accounts for a bigger local.db database than usual.

 

As for RuntimeBroker.exe, I've found the following:

 

RuntimeBroker.exe is the medium process through which access to (Universal) / (Metro Apps) is granted. This means, that the process RuntimeBroker.exe runs the apps as the name suggests, on behalf of other apps. Some users have experienced issues with it where the process is consuming almost all or too much of the CPU which causes the system to go slow. We can disable it via Registry Editor and also via a setting that is constantly using RuntimeBroker.exe to make calls to Windows Update Settings from within the Updates.  Since this is a work around; we’ll still need to wait for Microsoft to release a patch or update for a permanent solution in future; when this happens, it will automatically push and apply the update provided that your Windows Updates are turned on.

 

Note: Disabling RuntimeBroker.exe will prevent the store apps from running. Users have also reported weird behavior when they have disabled RuntimeBroker.exe; so i would suggest you attempt the two other methods first and if they don’t help then disable RuntimeBroker. The two other methods are listed below. (Method 2 & Method 3)

Share this post


Link to post
Share on other sites

I don't believe I'm experiencing the RuntimeBroker.exe issue.  I know that the process DOES sometimes have high disk usage, but its NEVER happened when I'm using the system, or caused a system slowdown, so it doesn't seem to match the experience of other users who are having that issue. . .

 

As suggested above, I've excluded E:\pictures & found that at least during the first chunk of time it SEEMS to have made a HUGE difference in the HDD usage I'm seeing when away from the computer.  Will continue to monitor & report back. . .

Share this post


Link to post
Share on other sites

I don't believe I'm experiencing the RuntimeBroker.exe issue.  I know that the process DOES sometimes have high disk usage, but its NEVER happened when I'm using the system, or caused a system slowdown, so it doesn't seem to match the experience of other users who are having that issue. . .

 

As suggested above, I've excluded E:\pictures & found that at least during the first chunk of time it SEEMS to have made a HUGE difference in the HDD usage I'm seeing when away from the computer.  Will continue to monitor & report back. . .

The Process Monitor you've provided showed that runtimebroker.exe was actually accessing the jpg files which subsequently triggered a scan by real-time protection. It's a fact as it was logged; it was not ekrn.exe itself which scanned the files without a reason. Scanning such a big number of files will obviously have some impact on the amount of read data by ekrn.exe. Ekrn.exe read 8192 bytes from most of these 24,440 jpg files which is ~205 MB in total.

Share this post


Link to post
Share on other sites

So, problem seems to be solved since excluding those files from scanning, but that isn't really a "solution".  I know you're suggesting that ESET was only scanning b/c another program was looking at those files, but 24/7 100% disc activity has absolutely stopped with the only change made being excluding ESET on my E:/pictures directory, so whatever other programs may seem to be involved, the culprit for constant 100% disc load is ESET.  

 

Any ideas on a fix that doesn't require leaving a huge # of files un-protected?

Share this post


Link to post
Share on other sites

Please run the following command from the command prompt started with administrator rights:

wpr -start GeneralProfile

Then reproduce the problem. When done, stop logging by running:
wpr -stop trace.etl

 

Compress the log trace.etl and send it to me for further analysis.

Share this post


Link to post
Share on other sites

You want that log run w/ or w/o the exclusion of the E:\pictures directory in ESET?

Share this post


Link to post
Share on other sites

Hello Drasp,

 

as it seems, that excluding makes the problem go away please do the log without it, so it will capture the issue.

Share this post


Link to post
Share on other sites

Log is uploading now, I'll PM the link.  Thanks again.

Share this post


Link to post
Share on other sites

Had a chance to look at the log?  :)

Share this post


Link to post
Share on other sites

Hello?  Is this thing on. . .?

Share this post


Link to post
Share on other sites

Saw it'd been a full week since I submitted my log, no confirmation that it'd been received or was being analyzed.  Thanks for the reply - will hold on.  ;)

Share this post


Link to post
Share on other sites

Based on the log we recommend disabling Idle-state scan. We've found out that the process bzfilelist.exe which is probably a part of Blackblaze backup has opened / read from many files. Try pausing the backup and see if it makes a difference.

Please let us know about your findings.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...