Using 4.0.424 on a DC now for over a week, and it hasn't crashed, or been unable to be logged into.

I figured out the problem... EXCLUSIONS that were set on the domain controller (as recommended by Microsoft) were NOT working, due to wildcards, ie

%windir%\
%Systemroot%\

I manually went into the config for the server, and specified the ACTUAL folders, ie:
c:\windows\xxxxx

and voila... so.. anyone else feeling brave, may want to try this..

ESET doesn't support the environment variables, you have to write them manually. So yes, what you've done is the correct thing (and required).

But some malware can get into the Windows folder... can you reference the MS article that recommends excluding the entire Windows folder?

-{ Quote: "ESET doesn't support the environment variables, you have to write them manually. So yes, what you've done is the correct thing (and required)." }-

Can you cite?

Their Server config KB article directly contradicts that:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2144&actp=search&viewlocale=en_US&searchid=1240406954816

Wherein it says:
The final settings which need to be configured will vary depending on the software that is installed on the server. For instance, database and backup software should be excluded from the real-time and On-demand scanners. When entering the directory paths, make sure that *.* is added to the end of each entry. As an example, the following directory paths should be excluded if the server is running Microsoft Exchange:

%Program Files%\Exchsrvr\MDBData\*.*
%Program Files%\Exchsrvr\Mtadata\*.*
%Program Files%\Exchsrvr\Server_Name.log
%Program Files%\Exchsrvr\Mailroot\*.*
%Program Files%\Exchsrvr\Srsdata\*.*
%System Root%\System32\Inetsrv\*.*
%Program Files%\Exchsrvr\IMCData\*.*

Hello,

I have contacted ESET's knowledgebase team and asked them to update the article.

Regards,

Aryeh Goretsky

OK, I take that back.. the DC had been fine for almost a month, and when I got back into the office today, we were unable to login to the Domain Controller.. only solution was to reboot it, at which time it worked fine.

I uninstalled 4.0.424 and put in 4.0.437 -- hopefully it will behave..

Any word on a simple tick-box for the recommended Microsoft esxclusions?

It is really INSANE to have to do these manually, when they are pretty much mandatory for things to work right, even on workstations?

I mean, come on ESET! You are causing YOURSELVES all kinds of grief by NOT doing this, in the form of (now massive) complaints here on the forums.

NOD32's reputation has really dropped MANY notches in mine and others eyes, and this (damaged reputation) is something that is not easy to fix.

You typically do not need to do this on workstations since the softwaredistribution database is so small and has so little IO that the scanning engine hitting it won't really cause a problem. I do agree that something could be done to make it a little easier setting up the default recommended exclusion on a server OS, maybe something detects the roles installed on the OS and makes recommendations accordingly.