As you can tell from the title, if your trying to Defrag your hard drive, shrink the volume or something like that you might have issues when you have the ESET security software (Anti-virus) installed. It took me a while and involved trawling online forums but I found the best option is to open up the ESET GUI, press F5 to open up the advanced options, go to HIPS, then disable the “Self-Defense” system. You’ll want to disable your Internet connection, just to be safe from any nasties. Reboot your computer, and now you should be able to shrink your drive, move / delete the ESET files or defrag your hard drive. Although I highly recommend you backup your drive first.
My Story
A little while ago I migrated my laptop from running on a spinning disk to installing a 1TB SSD. An M.2 Samsung 970 EVO Plus to be specific.
I finally got a new 8TB external drive for backups. I made an Acronis backup image then installed the Samsung Magician software which pointed out how I should enable Over Provisioning on my SSD. That’s where a section of the drive is made available to “Improve the performance and lifetime of the SSD“.
Basically if a small part of the drive is written to a lot then it’s likely to cause issues, so this is a way of allowing the hotspot to be moved around the physical location of the drive. At least, that’s my understanding.
I want my drive to last, so I attempted to use the Samsung Magician software, however it wouldn’t let me make any changes.
I tried via the Computer Management -> Disk Management system to Shrink the volume, however it showed I could only shrink it by 47MB.
It turns out that both trying to Shrink the volume in Disk Management and in the Samsung Magician software uses the Defrag system which tries to move files and sees how much space it can allocate. However the ESET files, for me the ones in the C:\ProgramData\ESET\ESET Security\ScanCache\1185 folder were blocked from being moved by the ESET Self-Defense system. I couldn’t delete, move, change permissions or do anything to them, even as an admin. They were also right at the end of the drive.
I found out it was ESET because the Additional Considerations part of the Windows help suggested filtering the Application Log for Event 259 after trying to see how much I could shrink the volume. This includes me using Diskpart on the cmd line and also manually running the defrag C: /H /U /V /X command. But that’s not needed.
I spent a while trying to disable everything of the ESET Internet Security software that I could. But the important stuff seemed to be locked down. I couldn’t disable the service in services.msc I couldn’t kill them in Task Manager. Being an administrator didn’t help. But I hadn’t restarted my computer.
Thankfully a post by Marcos in the ESET forum pointed out how to disable the Self-Defense system. Disabling my Internet (pressing the Airplane mode button on my laptop) and following the prompt about restarting was all it ended up taking.
I can now easily Over Provision my SSD drive.
Although I should have gone with the recommended 6% I’ll change that soon enough.
By the way. Don’t forget to re-enable Self-Defense mode in ESET and reboot again.
