Wilders Security Forums  

  #1  
Old May 22nd, 2008, 10:29 AM
pmabee pmabee is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 22
Default False Positive Fix

It appears that users in my company that have tripped over this FP issue (Adobe 8 here and Folding at Home on one system) need to be booted in safe mode and have the Eset services disabled. Reboot and do a normal startup, uninstall NOD32, reboot and then push it back to them through the console, apply updates and I haven't seen any problems since.
  #2  
Old May 22nd, 2008, 11:15 AM
PII_David PII_David is offline
Infrequent Poster
 
Join Date: Dec 2007
Posts: 17
Default Re: False Positive Fix

Great solution...

We're facing a similar situation and need to do this REMOTELY!

I'm thinking about setting the NOD32 service to disabled via GPOs...

Let you know if that fixes it.

David
  #3  
Old May 22nd, 2008, 12:13 PM
tlamming tlamming is offline
Infrequent Poster
 
Join Date: Feb 2008
Posts: 14
Default Re: False Positive Fix

This helped me out a great deal. Thanks for the workaround. I've got a ton of computers sitting locked up because of this. No more ESET products for my clients.
  #4  
Old May 22nd, 2008, 12:51 PM
PII_David PII_David is offline
Infrequent Poster
 
Join Date: Dec 2007
Posts: 17
Default SUGGESTED FIX for managed environments...

We are using NOD32 with a Remote Admin console and as long as the machine had 3120 definition files, NOD32 on the workstation wasn't checking in nor updating to 3121. Luckily for us only 5 workstations caught this update...


If you combine their fix with my suggestion you could remotely fix the issues on multiple workstations...

http://www.wilderssecurity.com/showthread.php?p=1247063#post1247063


We just tested the following option:

Create and link Group Policy object (GPO) to the top of your domain using GPMC
(call it anything you want.)

Edit the GPO you've just created
Drill down to:
Computer Configuration
Windows Settings
Security Settings
System Services
Locate the Eset Service
Double click and set to "Disabled" (don't change permissions on it.)

Close & save the GPO

To set this GPO so that ONLY machines you WANT
Select the Scope tab
Remove Authenticated user
Click Add
Choose Object Types | tick the Computers checkbox
Enter the workstation names
Click Ok

Replicate your AD.

Reboot the workstation once to get the GPO out to them. (You could try a gpupdate /force but that won't actually stop the service...)

Reboot it again so that setting will take effect... i.e. Eset Service to stop.

Remove remotely/reboot/reinstall remotely

NOD32's suggestion to remove the *.DAT files from 2 places DID not fix this for us! - SEE LINK ABOVE
  • C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles
  • C:\Program Files\ESET\ESET NOD32 Antivirus

PS> I've seen and personally dealt with other vendors' definition mess-ups... haven't had to reinstall though... I'm willing to listen & learn on how to revert to previous definition files... or delete old ones etc...


David
Attached thumbnails: NOD32-GPO-ServiceStop.JPG (77.0 KB), NOD32_gpo-Filtering.JPG (70.4 KB)


Last edited by PII_David : May 22nd, 2008 at 12:58 PM.
  #5  
Old May 22nd, 2008, 01:05 PM
edwin3333's Avatar
edwin3333 edwin3333 is offline
Frequent Poster
 
Join Date: Aug 2007
Posts: 244
Default Re: False Positive Fix

Nod has a built in uninstaller routine.

Or you could do something like

at \\machinename 21:00 "msiexec /X eavbe_nt32_enu.msi /q"

If you are lucky.

Many of our machines are not responding over the network anymore so it doesn't work for those. VNC doesn't work either, so we have to actually physically go to these remote locations.
  #6  
Old May 22nd, 2008, 01:44 PM
PII_David PII_David is offline
Infrequent Poster
 
Join Date: Dec 2007
Posts: 17
Default Re: False Positive Fix

That would work too, or use psexec to remotely run it too... but in our case the machine becomes completely unresponsive to any network connections (RDP/Server service etc.) about a minute after it starts up...

Remote management tools that we tried also failed while the old definition files are in place.

The following could be used to fix the problem once the service is disabled:

Gencontrol.exe from Gensortium
psexec.exe from Sysinternals
RDPRemoteEnabler.exe from IntelliAdmin

There is a 3rd alternative that could be used in combination with the tools above...
as soon as the machine appears to be up on the network use management console and connect to its services and stop the Eset Service.
i.e. ping <IP> -t
As an admin
run "services.msc"
At the top where it says Services(Local)
Right click and choose Connect to remote computer
Enter hostname
Go to town with disabling eset service...

Usually the machine locked up about 30 seconds later. User rebooted the machine for us, and we then deleted the specified files that NOD32 posted recently. (See link above.) OR remove/reinstall as needed.

It saved a trip for several remote workstations for us!

David

Last edited by PII_David : May 22nd, 2008 at 01:52 PM.
  #7  
Old May 22nd, 2008, 01:45 PM
PII_David PII_David is offline
Infrequent Poster
 
Join Date: Dec 2007
Posts: 17
Default Re: False Positive Fix

I forgot to mention that once the machine is fixed, make sure you remove the GPO filtering for that machine otherwise eset service will not start.
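
One way to audit the scoped GPO described in posts #4 and #7, as an added example that is not part of any poster's message: it lists every trustee that can apply the GPO, reports the service start mode on each targeted workstation, and flags machines that still have the antivirus service disabled. The GPO name, the workstation names and the service short name `ekrn` are assumptions, as is WinRM/CIM access to the workstations.

```powershell
# Added example, not from the thread. Assumed: GPO name, service short name
# 'ekrn', workstation names, and WinRM/CIM reachability of the workstations.
param(
    [string]   $GpoName     = 'Temp-Disable-ESET',
    [string]   $ServiceName = 'ekrn',
    [string[]] $Computers   = @('WS-014', 'WS-027', 'WS-031')
)
Import-Module GroupPolicy

# 1. Security filtering: only the targeted computer accounts should hold
#    "Apply group policy". Anything else (e.g. Authenticated Users) means the
#    service would be disabled on machines that were never meant to be touched.
$appliers = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' }
$unexpected = $appliers |
    Where-Object { $_.Trustee.Name.TrimEnd('$') -notin $Computers }
foreach ($t in $unexpected) {
    Write-Warning "GPO '$GpoName' also applies to: $($t.Trustee.Name)"
}

# 2. Service state per workstation. A machine that is still hung or offline
#    is reported as Unreachable instead of stopping the audit.
$report = foreach ($c in $Computers) {
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $c `
                   -Filter "Name='$ServiceName'" -ErrorAction Stop
        [pscustomobject]@{
            Computer  = $c
            StartMode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
            State     = if ($svc) { $svc.State } else { 'n/a' }
        }
    } catch {
        [pscustomobject]@{ Computer = $c; StartMode = 'Unreachable'; State = 'n/a' }
    }
}
$report | Format-Table -AutoSize

# 3. Machines that are reachable but still Disabled remain without
#    protection until they are removed from the GPO filter.
$report | Where-Object { $_.StartMode -eq 'Disabled' } | ForEach-Object {
    Write-Warning "$($_.Computer): $ServiceName is still Disabled; remove it from the GPO filter once repaired"
}
```

Run it from a machine with the Group Policy management tools installed, once before the reboots to confirm the scope and again after the reinstall to confirm nothing is left disabled.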
 

All times are GMT -4.