Jump to content

Real time scan disabled, but ekrn busy on numerous files

Chris345

By Chris345
in ESET Endpoint Products

 Share

Recommended Posts

Chris345

Chris345 0

Posted
Posted

Hi,

 

we have product Version 6.4.2014.2 of Endpoint Antivirus installed on Win7, 64 Bit Pro.

I noticed in Ressource monitor that numerous ekrn processes are busy on the filesystem even though i disabled real time scanning.

I assumed that disabling real time scan would stop ekrn.exe from ruinning.

Even after restart of the machine there is no change. I verified that real time scan is still marked off.

 

Am I missing something or is it a  bug?

post-13575-0-62729700-1472734525_thumb.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,071

Posted
  • Administrators
Posted

That's not a bug. Ekrn.exe is the service that is responsible (not only) for scanning files by various scanners (real-time, web, email, on-demand, etc.). By disabling real-time scanner you disable scanning files by real-time protection but that does not mean that HIPS and other protection modules will stop receiving information about file operations. Disabling automatic start of real-time protection would probably do the trick, however, also HIPS and other protection modules will stop receiving crucial information and may not provide sufficient protection then.

 

If ekrn is constantly utilizing the cpu, create a complete application dump of ekrn (e.g. via the task manager but ideally through the MS tool procdump by running "procdump -ma ekrn") and provide it to me via a pm for further analysis. Also logs from ESET Log Collector might be helpful.

Link to comment
Share on other sites
Chris345

Chris345 0

Posted
  • Author
Posted

Hi,

 

Thanks for the quick answer.

Well, actually is both switched off: real time scan and hips. Only web and E-mail is active but that should not scan around in the system.

My problem is not high CPU load but a busy hard disk. Answer times in ressource monitor are about 32 ms in average.

Please see the screenshots attached. In the Resource monitor screenshot one can on hard disk 1 (C:, D:) the constantly high blue line,

which is caused - as I interpret the graph, by ekrn process.

 

The question is: How can i stop (temporarily) ekrn from doing anything, or at least that much, on the file system?

If I deactive real-time scan I do not expect a busy hard disk by the ESET service.

post-13575-0-38188000-1472813187_thumb.png

post-13575-0-71546400-1472813187_thumb.png

post-13575-0-57318800-1472813188_thumb.png

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...