NOD32 v4 Business Edition AV.

Hello Folks,

Wow, I am a bit wary of my latest purchase. I bought NOD32 Business Edition antivirus for my servers the other day. I am afraid after reading the numerous posts about the many issues everyone seems to have with this product that I made a serious blunder. I had the task of building several new servers that I installed Windows Server 2003 on. These are to replace our existing servers that are starting to show their age. These are clean installs since I wanted to be certain that the accumulated clutter of the past few years is gone. These servers are configured as Domain Controller(Primary and Secondary), file server, IIS/Application server, VPN/Remote Access server. The primary Domain Controller is configured just for the role of Domain Controller (nothing else). I want to install NOD32 v4 to see if I have any problems with it before I dump it and revert back to 2.7 or 3.0. I have used Symantec Endpoint Security, but find it too cumbersome and excessive for our needs. I know how to configure Symantec products for use on a server but know next to nothing regarding NOD32 v4. I have read installation manual and the Remote Administrator Guide for NOD32 v4. But they give me no clear 'rules' to follow regarding a server installation. With Symantec I had to 'exclude' all the folders, directories and subdirectories that contained the Active Directory files. This was to avoid the Active Directory databases and log files from becoming corrupted during a virus scan. I have no clear-cut picture of configuring NOD32 v4 for the same purposes. Perhaps I am missing something in the ESET guides, but then again perhaps not. Can anyone outline the recommended installation steps to optimally install NOD32 v4 for my purposes? I also am a bit wary of the way scans are conducted with NOD32. I don't want to overload these servers with excessive antivirus overhead/processing. I simply want a small-footprint, low resource hungry installation. We do not allow web browsing on these servers and our email service is a hosted Exchange 2007 server (not on our local network). I got the impression that NOD32 v4 was the way to go. But I am really concerned about all the negative posts I am reading. I thank you in advance for your time and assistance.


-P_Head

 

I still use 2.7 on all my clients servers.

For exclusions..this holds the same regardless of what brand AV you use, the following list is for Small Business Server..but if you're just running Windows Server you can separate the Exchange stuff that you won't need.
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137

 

Hello YeOldeStonecat!

Cheers mate! I really appreciate your responce to my query. It was most helpful. I do however still have one remaining question. I am concerned about the way NOD32 does it's scanning. The real-time file scanning makes me nervous. I don't want to bog down these servers/users while NOD32 feels it is necessary to open/re-open files for scanning each time they are accessed. I seem to have read elsewhere on the forum(s) that this creates headaches for some users. I have read the ESET guides, but they seem geared toward home users and don't really discuss servers in any great detail. I know Symantec Endpoint Security was a resource hungry beast that slowed down everything. That was my main reason for going with NOD32. I had seen it installed on a few servers at my prior job. It seemed to work without being so demanding of resources. You mention NOD32 2.7, do you feel that it's best for me to ditch v4.0? I have read the numerous posts regarding it's instability on quite a few servers. I have to agree with what others have stated about the possible reasons. It is impossible for any software vendor to know in advance what configurations one intends to use. Home users are one thing. Most (mainstream) home users are simply accessing the web and doing e-mail. Sure they run a few applications, but normally nothing out-of-the-ordinary. Servers on the other hand are anything but 'normal'. The sheer number of applications and hardware/software combinations are astounding. Add into the mix the number of specialised protocols, non-standard port number assignments, you get the picture ;-). I bought v4.0 because of the improved features, but I think it might be worth holding off using it now. What are your ideas on this. Thank you for your advice and assistance.

Cheers,

-P_Head

 

I also use v2.7 on all mine and my clients 2003 SBS servers. I have them fully configured and they are never bogged down.
As long as you have the recommended exclusions setup correctly, it shouldn't cause any kinds of slowdowns or hangups with the systems at all.

I personally have not upgraded any of my servers to v4. They are "mission critical" in some offices so I am not going to risk causing any problems when they have been running fine with v2.7 for the past few years.

Upgrading to v4 is going to be a personal preference. Other will tell you about improved detection for rootkits and spyware, which is true, but it all boils down to personal choice. v2.7 is very light-weight and does an excellent job protecting servers.

 

Hello Capp,

Thank you for your reply. I appreciate both you and YeOldeStonecat's suggestions and recommendations. What are the odds that a 'vanilla' installation of Windows Server 2003 Standard Edition (nothing special or fancy) will have issues with NOD32 v4. I don't have any specialised/custom hardware or software on my servers. Everything that is running on my servers was installed from the Windows Server 2003 installation CD's. The only exception is our Oracle WebLogic server software. I've always followed the 'path of least resistance' with my servers. I have learned many lessons the hard way. Mixing too many cross-vendor solutions onto a server has proven disasterous in the past. I am certain that people who are having problems with NOD32 v4 are running hardware and software solutions from many different vendors. I have found that using one vendor for hardware, one vendor for networking and one to two vendors for software has eliminated much frustration for me in the end. I used to work in a 'mixed-mode' environment and have seen firsthand the many issues that arise out of doing so. Any subtle compatability issues are easily addressed when using the single vendor solution(s). But, put several mixed vendors products into the mix and you are bound to end up with major headaches. So, it leaves me wondering if my 'plain jane' server installs will face the same dilemma people are reporting. I'd like to try NOD32 v4, but I still remain wary of it. I've read all the guides for v4 and have become accustomed to this version of the antivirus. It looks like I'll be reading about NOD32 v2.7 later today. Thanks again Capp! I appreciate your assistance. Have a great day!

-P_Head

 

This is not true. Files are rescanned only if they have been modified or the signature database has been updated. As of v2, ESET uses intelligent cache so that files are not scanned repeatedly unless there's a reason to do so.

 

In addition to the exclusions in the link above I posted....I add the directories for main line of business applications...following their vendors advice on antivirus settings.

Also on the servers, in 2.7, I go into AMON setup, the Extensions button, and uncheck "Scan All Files". This way the servers AMON is only scanning file types which are possible for a path in by the bad stuff. You don't need to be scanning stuff like .log files (which..on some servers..can be HUGE and performance sensitive). Also if XMON is on the server, in its settings I disable background scanning.

Disadvantage to having 2.7 on your servers instead of v4? Well, V4 is claimed to have much better protection from the current crop of rogue malware...but you catch that through your web browser. On a server you're not surfing the web (at least...you shouldn't be). So if you're not surfing the web...why bother with a heavier AV that gives better web protection?

 

Hey Pecker Head!!

(Just wanted to post that.)

 

Hello P,

Here is a list of the following servers I use 4.0 NOD32 on, and have been using for weeks now without problems. I have around 30 servers running 4.0 here at my main HQ and at remote sites.. My main clustered file server is running 4.0 now without any problems. We have around 2,000 users hitting our file services, and I am sitting here right now watching the nod32 process going up to 2% usage at the most.. *Windows 2008 Server SP1*

I have a mixture of 3.0.684 and 672 on a couple of servers still that I have not got around to replacing along with clients. The only servers that still use the 2.7 version are my NT4 servers.. I work for a state agency as a Systems Admin..

 

Hello JimIT!

Most of my employees/coworkers have called me this for several years now. I wonder, is it true ;-)? The name has sort of caught on so if the shoe fits I wear it. I like to make people laugh, laughter is something we need more of in this world!!! Have a good one! Take care.

-P_Head

 

Hello bradtech,

Thank you for your reply. So, in your environment it seems that none of the gremlins have surface that many others are reporting. I would like to try v4.0, but I still remain hesistant to do so. I worked hard to get these servers installed, patched and upgraded. I'd hate to have to start this process all over again due to issues with v4. As YeOldeStonecat reports, the only advantage to v4.0 is in the malware/rogue software detection via the browser. I've used GPO to ensure no web browsing directly on the servers is allowed. I also remain quite uneasy about the way NOD32 does scanning in 'real-time'. I worry about the CPU spikes and the resulting 'slow-down' while NOD32 does this. As you report though it looks like in your environment this isn't a real issue. I used Symantec Endpoint in such a way that I setup daily scheduled scans to check the servers and workstations. That helped eliminate the serious CPU spikes that one could not help but notice while using that product. Could you ouline your installation in more detail. I'm interested in knowing what options you are using/not using. This would enable me to be better prepared to attempt using v4.0. As I said in my earlier posts all the ESET guides seem more geared toward the home user market rather than the server market. They discuss very little in what options can be disabled to save resources and not create potential bottlenecks. I would be very grateful if you could provide me more details on your installation. Also any pointers you can offer me to avoid serious mistakes would be much appreciated. Thank you all for your time and assistance. I am very grateful! Have a wonderful day!!!

-P_Head