Event ID:6004 - A driver packet received from the I/O subsystem was invalid.

Discussion in 'ESET NOD32 Antivirus' started by dwood, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. jfreymann

    jfreymann Registered Member

    Joined:
    May 5, 2008
    Posts:
    8
    goran_larsson

    Yes, this is a workstation, not a server. I reboot it daily and after nearly every software install.

    Thanks for the link to the article on resetting the off-line folders cache. I'm continuing to run .650 and work with ESET on the problem report I submitted last week.
     
  2. Robertno

    Robertno Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    2
    Location:
    Ireland
    Nice work on the problem resolution folks - unfortunately, I only came to this thread in the last couple of weeks, by which stage I had rolled back to 2.70.39 on all our clients SBS servers, due to the server lock-ups.

    In our case, we were only seeing the problem (server locking up) on SBS 2003 R2 versions, but that is not to say the problem does not occur on older SBS 2003 releases.

    However, we do not have UPHClean installed on any servers and also the PM function has not been working for a few days on this forum, in order to PM Marcos for the 3.0.653.0 release of NOD. Anyone know of another way to get this release?

    One other thing, we did notice that 2.70.39 was dismounting the SBS Exchange database on the server, even when the Exchange partition was added to the exclusion list - any ideas?

    Cheers,
    Rob
     
  3. CrookedBloke

    CrookedBloke Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    110
    Robertno, you might try the PM functionality now. It's working for me. If you write to Marcos you may need to exercise some patience while awaiting the response. I have a feeling that these guys (ESET) are busier than a one-legged man in a butt-kicking contest.

    :D

    Marcos specifically asked me (and I suspect the other people with whom he has communicated) to NOT provide the download information for 3.0.653.0. He wants to be directly involved with each person who gets it for testing.

    This is not an official release of their product, and I suspect they may be beyond that version now in their own testing. I've been running it for about a month, but I wouldn't think of putting an unofficial release on one of my production servers. My one installation of it currently resides on a server which has been relegated strictly to testing purposes.
     
  4. Colditzz

    Colditzz Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    46
    This is the same for me, the only way to get this version is to PM Marcos.

    I do currently have this version on one production server, the reason for installing it on that server was that it is the only server I have that runs UPHClean, and it was a known problem server. Since installing it on this server and adding the ekrn.exe to the UPHClean exclusion list, the problem has totally gone away, haven't had to reboot the server since. I am also running it on my laptop quite happily, I did notice a few days ago that there was a module update to this version too...
     
  5. CrookedBloke

    CrookedBloke Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    110
    Hey, Colditzz!

    A module update, eh? I haven't particularly been paying attention to updates -- just noticing that I'm seeing signature updates.

    Interesting. I hope they don't send you a module update that causing things to go South again!

    :eek:

    Heh. I shouldn't have said that. I've probably jinxed you!

    I'm not brave enough to put 3.anything on my production servers. I'm sticking with 2.70.39 until I see some hard evidence that the teething problems with version 3 have been resolved.
     
  6. Colditzz

    Colditzz Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    46
    Hi CrookedBloke...
    :eek: :eek: :eek: :eek: :doubt: I hope not!!...

    Everything is still (sitting on a wooden chair) going well with the 3.0.653 tbh, I'm getting a little concerned that it's been so long and a new 'official' version is yet to be released though... Hopefully we'll hear some news soon (taps on Marcos's link) even if it's just "we're still working on it", just to show we are still thought of :)

    I'll let you know if things start to go south any time soon, and I'm not moving from my chair either!! :doubt: :doubt:
     
  7. Robertno

    Robertno Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    2
    Location:
    Ireland
    :doubt: Ye that's fine guys, I totally understand that you cannot provide the unofficial release. We are a NOD reseller ourselves and all our customers are running NOD on their servers, so as you can imagine, for the last couple of months I've been going "no, not NOD too! It's turning into Norton!!!!!".

    We are in the SME market, which means that our customers all run production servers, no Test or Dev environments :doubt:

    As I said, we are only seeing the problem on R2 release on SBS 2003, not the original release and no UPHClean installed on those servers.

    Hope to hear from Marcos soon, have PM'd him so fingers crossed.
     
  8. George77

    George77 Registered Member

    Joined:
    May 15, 2008
    Posts:
    6
    I'm new to this Forum but I've been keeping an eye on this thread as my company is an Eset reseller and we've been experiencing the same problems with NOD32 Antivirus v3 versions up to 650 with Windows 2003 Server. We've had to roll back to v2.7 on many servers too.

    However I've just noticed the same problems exhibited on a machine running Windows XP Pro, but acting as a file and print server, after installing the Eset Smart Security Suite v3.0.650.

    Also quite annoying is that you cannot disable the firewall permanently! Whereas some similar suites (like Kasperksy Internet Security for e.g.) allow you to completely unselect different components at install time.

    So it seems it's the same hanging etc. problems exist in the Smart Security Suite too? I'm assuming it's because of the same AMON scanner?
     
  9. jfreymann

    jfreymann Registered Member

    Joined:
    May 5, 2008
    Posts:
    8
    George77

    I am having similar problems on Windows XP clients, I've not loaded ESS yet on my XP peer-to-peer "server" due to this issue. I use off-line files extensively and get the 6004 errors frequently when grabbing files from the "server". About twice a week the client event log has a message that the "offline files" are corrupt and that I should reboot.

    ESET Tech Support says this problem is resolved in .650, however I'm still having the problem.
     
  10. rebop

    rebop Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    49
    Just bought a ReadyNas 2 days ago and sarted getting tons of 3019 and 6004 events. The 3019's were cured by a Microsfot known but in XP SP2 tcpip.sys. Replacing that turned all errors in 6004's every time th eReadyNas was touched. Replacing the epfwtdir.sys file in both eset/drivers and system32/drivers cured it immediately.

    So happy to have found this thread. I had Netgear bafled :)

    And thanks for Eset working on this one and coming through.

    ~Bob
     
  11. kdebono

    kdebono Registered Member

    Joined:
    May 18, 2008
    Posts:
    6
    Good morning people,

    I found this thread yesterday when I noticed the infamous error 6004 on one computer and spent all the night reading all of it. I'm roughly in the same situation as the rest of you. We had nod 2.7 and unfortunately upgraded to version 3.0 :'( I faced the problem with one of our File Servers immediately and uninstalled it. I've contacted ESET and they asked me to exclude some folders and disable email protection and Web access protection. I redeployed it and it seemed to be ok but I guest that I was wrong. After a week or so the File Server started to behave in a strange way. User can still access the shares, RDP does not work (that's normal), when users try to copy large files they get the error message "Not enough storage space is available to process this command" and VSS does not work properly so Backup Exec could not backup open files since it uses VSS. Restarting the Server service temporary solves the problem. At the beginning I didn't think that it was NOD because the behaviour was a bit different but eventually gave up and removed it and for the time being left it without antivirus protection i.e. I didn't put back 2.7. The problem is that this Server is still behaving in this strange way but I'm sure that it is NOD, this Server (Server 2003 R2 SP2) was working perfectly before and nothing was installed on it apart from the Microsoft updates. Could it be that NOD v3 on the clients is causing this problem? This File Server is used a lot since all the data at HQ is on it. In the morning before users arrive at work the performance of the File Server is ok as soon as users start to come in the performance goes down...

    BTW I don't have UPHClean on My Servers

    I have another File Servers at one of the sites that is shows the usual symptoms...At first I disabled the Real-Time scanner from the interface but the problem didn't go. Yesterday I disabled the Service altogether and so far it seems ok. Have you guys experienced such behaviour? i.e. that stopping the real-time scanner from the interface is not enough...

    Thanks

    Best regards,

    Kevin
     
  12. PII_David

    PII_David Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    17
    I just wanted to post my experience with NO32 v3.0.650.0/v2.7

    We have v3.0.650.0 running on 15 Win2003 SP1 Standard Servers with no problems with 9 left to go. The only one so far that I had any trouble with was our Forest root server (it was an upgrade from an NT 4.0 PDC several years ago) so I'm not surprised NOD32 v3.0 barfed - Upon a reboot it complained that it wasn't able to get the firewall service working right...

    Event Type: Error
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 11306
    Date: 5/16/2008
    Time: 7:57:00 PM
    User: XXXXXXXXXXXXXXX\XXXXXXXXXXXXXXX
    Computer: XXXXXX
    Description:
    Product: ESET NOD32 Antivirus -- Error 1306. Another application has exclusive access to the file 'C:\WINNT\Profiles\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat'. Please shut down all other applications, then click Retry.

    Data:
    0000: 7b 38 36 41 36 45 32 33 {86A6E23
    0008: 35 2d 43 30 38 46 2d 34 5-C08F-4
    0010: 41 31 34 2d 42 31 34 43 A14-B14C
    0018: 2d 37 39 33 43 37 44 38 -793C7D8
    0020: 38 34 34 41 30 7d 844A0}


    LONG PRIOR to installing NOD, we USED to run UPHClean until Terminal Servers BSOD-d on them. A quick kernel debug showed the offending service to be the UPHClean service and it was quickly set to disabled.

    After reading this thread, I was sort of petrified about putting it on an HP Proliant running Windows Storage Server 2003 SP1. It went on with NO problems... haven't had any issues yet. It's used as a central file server with about 200+ shares with 100+ clients.

    All of these servers/systems had previously been running McAfee VSE 8.0 with the ePO agen 3.6.x on them... Not sure if that's common for anyone else, but I DO know that McAfee/ePO does include a LOT of extra system files... and YES even they have some packet issues noted in the Event Log.

    We DID experience the problem in one of our sub-domains on a Win2003 SP1 (3.0.650.0) and was asked if we could test 3.0.658.0 but declined - It's a production server... Installing 2.7 worked flawlessly.

    Almost all of our clients are running NOD32 (~90) and are actively sharing files to/from servers also running NO32 v3.0.650.0

    There has to be an explanation for these events... - I'm surprised that the SysInspector isn't built into NOD32 with the ability to submit directly to developers. Not that the previous vendor's similar tools with other issues was of any great use either...
     
  13. George77

    George77 Registered Member

    Joined:
    May 15, 2008
    Posts:
    6
    Yes I've seen this too. I have to disable service completely in services.msc

    I'm currently checking the Eset website daily to look for something later that 650!
     
  14. kdebono

    kdebono Registered Member

    Joined:
    May 18, 2008
    Posts:
    6
    George,

    thanks for your feedback :)

    I'm also doing the same, hopefully there will be a new update soon so that I can wake up from this nightmare...

    Best regards,

    Kevin
     
  15. broozm

    broozm Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    5
    Chiming in - having the same issues on SBS 2003. Almost lost a customer as a result.. Thanks goodness for this thread! Keep up the good work.

    I cannot see a download for v2.7 32bit Busines Edition (for server) on eset.com - does anone know a direct url?

    And how can I tell from old saved downloads what version the exe is? (short of starting an install:!)

    Thanks
     
  16. kdebono

    kdebono Registered Member

    Joined:
    May 18, 2008
    Posts:
    6
    Broozm,

    on the ESET website you have to select downloads and then select Download purchased software. The following link should take you there

    http://www.eset.com/download/business.php

    Best regards,

    Kevin
     
  17. ICA

    ICA Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    34
    Morning to y'all,

    Version 3.0.657 is available for download, hopefully all of these problems are solved now!

    Rene.
     
  18. kdebono

    kdebono Registered Member

    Joined:
    May 18, 2008
    Posts:
    6
    ICA,

    thanks for the great news:)

    Did anyone of you guys try the new release? Is the problem really fixed?!

    Thanks

    Best regards,

    Kevin
     
  19. Colditzz

    Colditzz Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    46
    OMW to the ESET site now...

    Is a shame there was no 'head's up' about this from ESET in this post though...
     
  20. CrookedBloke

    CrookedBloke Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    110
    Hello!

    Well, I downloaded 3.0.657.0, then installed and configured it on my test server (WS2003 SP2, not R2). I excluded SQL database files, network drives, and System Volume Information directories. We'll see.

    I haven't had the nerve, yet, to remove ekern.exe from UPHCLEAN's exclusions list. (I don't want to drive the 15 miles to the remote site where the test server is.)

    Is anybody feeling brave?

    :D
     
  21. ICA

    ICA Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    34
    I have installed it on 7 Win2003 servers and also on 20 workstations and it runs without hangups and errors like mentioned in this thread.

    I had a lot of problems today when a new signature database arived, but that is covered in several other threads already.

    Let's hope that all the problems with the software are solved now and that we can get back to our work again instead of becomming an eset troubleshooter.

    Regards,

    Rene.
     
  22. jfreymann

    jfreymann Registered Member

    Joined:
    May 5, 2008
    Posts:
    8
    Folks bad news here... I did a clean uninstall following details from ESET and then installed .657 (english) I am still getting the 6004 errors when accessing off-line files on an XP peer-to-peer sharing network. Still issues with the redirector.

    The "server" is not running ESET, but rather McAfee. The client is running ESET.

    Here's an eventlog entry:

    Event Type: Error
    Event Source: EventLog
    Event Category: None
    Event ID: 6004
    Date: 5/25/2008
    Time: 6:09:54 PM
    User: N/A
    Computer: JPFT40
    Description:
    A driver packet received from the I/O subsystem was invalid. The data is the packet.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 0c 00 e0 00 0e 00 00 00 ..à.....
    0008: cb 60 7c 71 bc be c8 01 Ë`|q¼¾È.
    0010: 40 00 00 00 00 00 00 00 @.......
    0018: 00 00 00 00 04 00 4e 00 ......N.
    0020: 00 00 00 00 cb 0b 00 80 ....Ë..€
    0028: 00 00 00 00 10 00 00 c0 .......À
    0030: 00 00 00 00 00 00 00 00 ........
    0038: 00 00 00 00 00 00 00 00 ........
    0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
    0048: 6d 00 62 00 00 00 5c 00 m.b...\.
    0050: 44 00 65 00 76 00 69 00 D.e.v.i.
    0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
    0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
    0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
    0070: 69 00 72 00 65 00 63 00 i.r.e.c.
    0078: 74 00 6f 00 72 00 00 00 t.o.r...
    0080: 46 00 49 00 54 00 53 00 F.I.T.S.
    0088: 00 00 4e 00 65 00 74 00 ..N.e.t.
    0090: 42 00 54 00 5f 00 54 00 B.T._.T.
    0098: 63 00 70 00 69 00 70 00 c.p.i.p.
    00a0: 5f 00 7b 00 30 00 38 00 _.{.0.8.
    00a8: 41 00 42 00 42 00 45 00 A.B.B.E.
    00b0: 37 00 44 00 2d 00 39 00 7.D.-.9.
    00b8: 41 00 32 00 43 00 2d 00 A.2.C.-.
    00c0: 34 00 37 00 36 00 32 00 4.7.6.2.
    00c8: 2d 00 42 00 30 00 41 00 -.B.0.A.
    00d0: 32 00 2d 00 41 00 41 00 2.-.A.A.
    00d8: 45 00 43 00 39 00 00 00 E.C.9...
     
  23. goran_larsson

    goran_larsson Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    51
    Location:
    Stockholm, Sweden
    I actually installed it on all our Domain controllers now, sofar they seem to work fine, altho I did have some hickup with a file server where ekrn.exe occupied about 500 megs of ram altho not totally frozen but indeed preventing access to file shares for the majority of the local site clients, this server had 3.0.650 so I simply installed 3.0.657 over it and the server started to work again.

    I also installed it on a primary Systems Management Server so the next few days will be fun :)

    Oh I also did do a sysinspector thing on that troublesome server and sent it to eset.

    Cheers Göran
     
  24. George77

    George77 Registered Member

    Joined:
    May 15, 2008
    Posts:
    6
    I've been running 3.0.657 on a couple of Win 2003 servers and Win XP workstations and all seems well so far!

    I've also installed the latest Remote Administrator Server & Console which supports update mirrors for both 2.x and 3.x products and that seems to work fine too.

    So could this be the end of our headaches?
     
  25. Colditzz

    Colditzz Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    46
    So far, I have installed 3.0.657 on a few near critical servers (that are located about 3m from where I sit) and I'm pleased to say they are still functioning correctly... I'll be continuing the roll-out to the remote servers today. I'll post here if I get any problems...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.