Jump to content

ESET freezing Firefox downloads at the end


shought

Recommended Posts

Whenever I download any file with Firefox at the very end (when the download is 'finished') ekrn.exe (the ESET kernel) will use 50 % CPU (one core) and it'll take 3-10 second before I can use Firefox again (there's not stutter or anything, just no reaction at all in this time period).

With IE there is a CPU peak in the ekrn.exe process, but it reaches 25% max and then goes down, after barely a second. I've been having this problem for as long a long time, always thought it was because of something on my PC and was too lazy to find out, but now I reinstalled Windows 7 and it's still there, so...

I've checked Firefox in Safe Mode, same problem. I've disabled ESET, problem gone.

I excluded Firefox from protocol filtering: problem slightly changes, rather than scanning the file after it is 'finished' (which is what it did before) it will scan the file before I press 'Download' (Firefox is already downloading the file in the background) and I'll only be able to press Download after it finishes.

I've also disabled the Web access protection, but that didn't do any good (no change in the problem at all).

I've set the scanWhenDone-value in about:config to False, no change.

I just can't understand why it would take ESET up to 10 seconds when downloading any file with Firefox where it just takes one second with IE (and no actual freeze).

System information:

Windows 7 x64 Ultimate
ESET NOD32 Antivirus x64 4.2.42.0
Mozilla Firefox 3.6.3

AMD Athlon 64 X2 4800+ @ 2.50 GHz

Link to comment
Share on other sites


  • Replies 53
  • Views 3.6k
  • Created
  • Last Reply

Whenever I download any file with Firefox at the very end (when the download is 'finished') ekrn.exe (the ESET kernel) will use 50 % CPU (one core) and it'll take 3-10 second before I can use Firefox again (there's not stutter or anything, just no reaction at all in this time period).

With IE there is a CPU peak in the ekrn.exe process, but it reaches 25% max and then goes down, after barely a second. I've been having this problem for as long a long time, always thought it was because of something on my PC and was too lazy to find out, but now I reinstalled Windows 7 and it's still there, so...

I've checked Firefox in Safe Mode, same problem. I've disabled ESET, problem gone.

I excluded Firefox from protocol filtering: problem slightly changes, rather than scanning the file after it is 'finished' (which is what it did before) it will scan the file before I press 'Download' (Firefox is already downloading the file in the background) and I'll only be able to press Download after it finishes.

I've also disabled the Web access protection, but that didn't do any good (no change in the problem at all).

I've set the scanWhenDone-value in about:config to False, no change.

I just can't understand why it would take ESET up to 10 seconds when downloading any file with Firefox where it just takes one second with IE (and no actual freeze).

make sure you're using v4.2.40

- if you have a SINGLE core CPU, like me that happens.... :(

- Firefox v3.6.x

- Dual cores (1st gen CPU included) will be just fine. =)

Link to comment
Share on other sites


Windows 7 x64 Ultimate

ESET NOD32 Antivirus x64 4.2.42.0

Mozilla Firefox 3.6.3

AMD Athlon 64 X2 4800+ @ 2.50 GHz

Link to comment
Share on other sites


  • Administrator

Use IDM. :P

I cannot think anything else than about:config thingy you already tried. Well, there were days on my old PC when this used to happen. Same old 10-15 secs hang and eset processing taking 100% at that time.

Try disabling advanced heuristics in ESET.

Link to comment
Share on other sites


DreamHaters

Yeah i have the exactly same problem, but never really thought it was ESET that might of been causing the problem.

I thought at first it was Firefox's virus scanner when ever a download is complete.

Link to comment
Share on other sites


  • Administrator

It uses your default scanner. But actually I have no idea how Firefox knows that what's your default scanner? I think it's more like AV auto scans everything (you download) anyway. :unsure:

Link to comment
Share on other sites


Windows 7 x64 Ultimate

ESET NOD32 Antivirus x64 4.2.42.0

Mozilla Firefox 3.6.3

AMD Athlon 64 X2 4800+ @ 2.50 GHz

Try installing a addon call "Tweak network settings" after install

Tools > Tweak network settings > click on power > apply > restart FireFox

- it's say it's in experimental but it ain't Mozilla Addons staffs are being stupid since 3.6 this addon has been in experimental category

hope that would help

- it also speed up web page loading. i been using it since FF v3.0 =)

Don't forget, most famous Web Browsers do NOT support 64 bits.

sadly lots of software don't =\

Link to comment
Share on other sites


Now that shought mentioned it, i think i too might have this kind of problem when downloading executables.

Link to comment
Share on other sites


@ Leet

Thanks mate! :) But woudn't that defeat that fact of having an anti-virus <:huh:??

Link to comment
Share on other sites


@ Leet

Thanks mate! :) But woudn't that defeat that fact of having an anti-virus <:huh:??

Nah neither of those disable realtime protection. Advanced heuristics is just a fancy term to mean "think hard while coming up with a good guess". A true virus will be picked up no matter what because its signature will be in the database used by the realtime scanner and other scanner modules.

Link to comment
Share on other sites


Use IDM. :P

I noticed the same thing. When Internet Download Manager downloads a file, there is no slowdown by ESET. But when Firefox finishes downloading even a small file, the progress bar just keeps going from left to right over and over again while ESET scans the file.

Link to comment
Share on other sites


This is something that I have known of since version three of ESET.. I have just learned to deal with it.. I figure that IF I want to protect my computer and keep it clean that I just simply have to pay the price.. Even with single core chip.. I have mine setup to basically unpack and scan everything.. If it can stop a threat before it actually enters and is whole.. while in Memory.. and is gone at that point.. then ESET is working well to do its job..

NOW... that being said.. This is something I have noticed when installing OSes and accessing files via a network drive for programmatic installation.. When there is no protection installed... of any kind... FF still says its is scanning for Viruses.. I am not for sure if this is just the function of the browser looking for one or what .. but it still does it... in some cases.. however in this instance the disable scanning thing in the about:config works..

Anyway yeah all of my browsers and every bit in and out is scanned.. as best I know.. I have always wondered about the ports thing though and how to just cover it all..

Link to comment
Share on other sites


Try disabling advanced heuristics in ESET.

Already did that (in the web access protection module).

It uses your default scanner. But actually I have no idea how Firefox knows that what's your default scanner? I think it's more like AV auto scans everything (you download) anyway. :unsure:

The setting in Firefox is useless, I believe...

Set this.

rkopxw.png

And disable advanced heuristics from this page.

2i9oxoh.png

First one I already did, second I'll try now. (Didn't spot that option before, I hate it how ESET has the same options at like 4 different places, lol.

Edit: thanks Leet, disabling Advanced heuristics in there seems to have influenced the problem. It's not gone, but it takes far less time (close to the second in IE).

I guess this is 'problem solved' for now, but I'd still say there's something wrong as IE works just fine with Advanced heuristics enabled.

Link to comment
Share on other sites


@ shought

If the suggestions posted above don't completely solve your issue, you could clean up your temp files and try the following:-

Option # 1

http://support.mozil...d+or+save+files

Option # 2

Disable 'Self-extracting archives' under 'Web access'

Option # 3

Disable 'SFX archive' by hunting through 'Real-time file system protection' ---->> 'Advanced setup' ---->> "Additional TS parameters for newly created / modified files'

Option # 4

Disable 'Real-time' temporarily (to narrow down your diagnosis.)

The above 4 suggestions should work either singly or jointly. Sorry no screenshots, today (don't have an antiVirus installed . . . . ) :P

Link to comment
Share on other sites


Thanks dsc.

Disabling Advanced heuristics solved it 'enough' for me now :P

As I said before disabling ESET (realtime) solved it as well. Haven't had a look at the SFX Archive and Self-extracting archives yet, but it happens with EXE's, .RAR, .ZIP, even big images.

I filed a bug report at Mozilla now, I'm pretty sure Firefox is the issue here, not ESET (since IDM, IE, Chrome, Opera work just fine).

Link to comment
Share on other sites


If they fix this one I will be surprised... This has been a plague for FF for years.. Truthfully I think it has something to do with some of the internals for FF.. much the same way that eventual slow starts occur, and some of the other little annoyances..

Link to comment
Share on other sites


The setting in Firefox is useless, I believe...

shought the setting in firefox is useless, but it also isn't useless. Now I'm talking like you :)

Since I'm not sure what context of useless you mean. I'd say it is useless to mean I wish it wasn't there because I don't see the point in having it. Nobody knows how well it really works and I suspect it often results in double scanning because the browser will try to scan the same file then the real time scanner will also scan it at the point where the file is written to the disk. We don't even know which scanner it looks for or what it uses, I really hate that setting, I wish they would take it out.:angry:

However it isn't useless if you mean firefox ignores the setting itself, firefox pays mighty attention to that setting and in 3.7 that setting will also control whether FF obeys the software restriction policies in Windows. That's a good thing because it means when we disable it in 3.7 it will also get rid of that stupid confirmation box that shows up when you try to run an unsigned exe file.

The reason FF might take longer than other browsers might have to do with the way it saves files. From what I have noticed, FF writes to a .part file then copies it over to the real file name which is 2 new file writes and multiple file modifications and reads, whereas IE writes 1 file and fills in the bytes into the same file till it's done. Newly created files receive the most attention from most AV software so FF requires twice the time to do the same file download. This is my theory, I have not really done any extensive testing.

In my settings page you will also notice I capped the max zip file scanning to 5MB files, I did the same thing for every scan module in ESET because I don't want it trying to extract and scan zip files bigger than 5MB. I also set the nesting level to 1 to avoid scanning zip files that are inside zip files.

Link to comment
Share on other sites


The reason FF might take longer than other browsers might have to do with the way it saves files. From what I have noticed, FF writes to a .part file then copies it over to the real file name which is 2 new file writes and multiple file modifications and reads, whereas IE writes 1 file and fills in the bytes into the same file till it's done. Newly created files receive the most attention from most AV software so FF requires twice the time to do the same file download. This is my theory, I have not really done any extensive testing.

In my settings page you will also notice I capped the max zip file scanning to 5MB files, I did the same thing for every scan module in ESET because I don't want it trying to extract and scan zip files bigger than 5MB. I also set the nesting level to 1 to avoid scanning zip files that are inside zip files.

Twice as long, yeah, but not times 10 as long :P Still I'll add this to the bug report ;)

I did this as well, max size: 3 MB, max time: 9 seconds :P

It'll be scanned before I execute it anyway and I really don't mind having the occasional virus :D

Oh yeah, you did sound a little like me there :rolleyes:

@Bizarre

THEY WILLL, GRRRAWWW

Link to comment
Share on other sites


...then one day a little boy who decided to write code just to show those guys how to make it; since it corrupted his porn download... shows up as a man and rewrites the core and all aspects of the browser and we all live happily ever after..

...FIN

Link to comment
Share on other sites


  • Administrator

Nah neither of those disable realtime protection. Advanced heuristics is just a fancy term to mean "think hard while coming up with a good guess". A true virus will be picked up no matter what because its signature will be in the database used by the realtime scanner and other scanner modules.

Not always true. What about in the case of a 0-hour threat?

Advanced Heuristics in ESET is essentially an emulator that is aware of behaviour patterns of malware. Its much more powerful than ESET's standard heuristics (code analyser)

Link to comment
Share on other sites


Well there are always tradeoffs. No guarantee the advanced heuristics will pick up the zero hour threat either. In the end it is a tradeoff, performance vs higher protection. The advanced heuristics I suggested to disable is only for newly created files, files you download from a known source, the user has to accept the file so they must be aware of whether they are downloading a trusted file or a virus. Some level of user competence is obviously required here. I think ESET has faith in their regular heuristics to pick up any "in the wild" viruses because advanced heuristics is disabled by default in the realtime scanner module and the documentation suggests that enabling it in there would adversely affect system performance.

Advanced Heuristics can still be left enabled in the web scanner module, assuming that the internet is the source for any zero hour threats.

If your computer allows a remote threat to save itself to your computer then you have bigger problems to worry about than advanced heuristics being turned off for newly created files.

Link to comment
Share on other sites


Nice words there LeetPirate.

The thing is enabling Advanced heuristics in real-time would be useless, for any AV (should) work(s) under the assumption that it is installed on a clean system and if not it is used to clean the system first. I believe there is no way a virus can get in with Advanced heuristics for file creation (and execution of files from removable storage media) enabled.

I do start to wonder though, does this include CDs and DVDs, and how about network drives? Network drives should be clean because of the assumption of a clean system (assumption applies to all systems in the network, I guess) and I guess CDs and DVDs do count as removable storage media (although I always think of USB stuff or memory cards when talking about that, but obviously CDs are removable storage media as well :P).

As I said before I don't mind getting the occasional virus, is fun, challenge to remove it (still I probably won't get any)...

@Lite

ESETs heuristics have always been outstanding, I agree, it is a loss disabling them :)

Link to comment
Share on other sites


  • Administrator

I believe there is no way a virus can get in with Advanced heuristics for file creation (and execution of files from removable storage media) enabled.

I do start to wonder though, does this include CDs and DVDs, and how about network drives? Network drives should be clean because of the assumption of a clean system (assumption applies to all systems in the network, I guess) and I guess CDs and DVDs do count as removable storage media (although I always think of USB stuff or memory cards when talking about that, but obviously CDs are removable storage media as well :P).

Malware can always get onto a system, there is no such thing as 100% detection. Heuristic detection is always going to be lower as a percentage than signature nature (simply by its nature). Behaviour blocking/ monitoring can potentially yield 100% protection, however there will be massive trade offs.

Removal media involves anything that can be physically removed from a system while running. Network drives i don't think come into this group.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...