Jump to content

Real-time protection hanging our builds

Recommended Posts

Hi there,


We have seen that when ESET real-time protection is used on our workstations, it blocks our build process when this one runs on more than one core.


Our build fails when we run it like:

cmake --build . --target WhatEver -- -j 4

In order to overcome this issue we have two options:


1- Run cmake only on 1 core (using the -j cmake flag)

2- Remove/comment libesets_pac.so from /etc/ld.so.preload


Anyone have encounter it before? What happens when we remove that line from the preload file? Is that disabling the real-time feature?





Link to comment
Share on other sites

  • 3 months later...

Despite NOD32's default configuration, which is very wrong and actually contradicts ESET's own stated policy, LD_PRELOAD should not be set globally, and certainly not for build processes.


The libesets_pac.so on-access scanner should only be used discreetly with anything that introduces objects into the system from outside, such as a mail server or web browser. It doesn't really make any sense for trusted components that operate entirely within the confines of the system, unless the means by which those components arrived on that system cannot be accounted for, and they have subsequently never been scanned.


In other words, once you've completed a full system scan, thereafter the only reason you'd need on-access scanning is when downloading anything new, or loading it from removable media, in which case you only need to attach libesets_pac.so to the processes that introduce those untrusted objects.

LD_PRELOAD=/opt/eset/esets/lib/libesets_pac.so /opt/firefox/firefox-bin

I recommend that you completely remove libesets_pac.so from /etc/ld.so.preload, and indeed that configuration file should be and remain completely blank, as I can't really imagine any scenario where redirecting libc calls globally would be a very healthy thing to do.


Selectively attach libesets_pac.so to all internet-facing services and apps, using init scripts and wrappers, and leave the rest alone, or you could end up with an unbootable system.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...