NOD32 V4 on SBS2003

Hi I am running an SBS server with V4. I upgraded v3 to version 4 and pushed the installation from a ERAS server which did the update. Now I see high CPU usage on the server. When looking at the services, I see that ekrn.exe has high cpu usage and drops and raises again...and that keeps happening. Egui.exe is normal...low CPU usage.
Clients are unable to connect to the exchange server running on this SBS box.

What may be the problem?

Rachiano.

 

I still stick with 2.7 on all servers..including SBS (in addition to 2.7 client...XMON of course).

Seen people with too many problems with version 3..and v4 just came out...I'll let others be guinea pigs.

Have you follow the proper exclusion list from real time protection?
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137


Essential exclusions there.

 

I still run v2.7 on all my servers as well. Actually, I run v2.7 on all mission critical machines, servers and clients alike.

Never once had a problem with it, so no need to risk anything by upgrading.
~Personal thoughts of course

 

Could it possibly be a file such as a large log being scanned over and over again?

 

When I ran version 3 I never added exclusions.
Have done the following now:
I uninstalled it manually and pushed it to the SBS server again. I also added the exclusions recommended and will monitor it. I don't have too large files...maybe the exchange database...but wasn't a problem in v3..but it's now exluded. Before I did the manual uninstallation I diabled real-time file system protection, but CPU usage was still high.

Will monitor it and post back.

Thanks.
Rachiano.

 

You should definitely add the exclusions. All AV solutions can screw up Active Directory metadata files as AD relies on critical timing.


Jim

 

Seems like the system is stable now.
Also disabled the indexing service which also consumed cpu resources.

You guys should upgrade from V2.7...when does ESET stop with support for that? I think soon.

Thanks.
Rachiano.

 

Negative...support will not stop soon.

How are you protecting your Exchange server?

 

If you have any problems with v4 , you can return back to v3 (which you say you had no problems with) . Like YeOlde mentioned , it was just released and generally business customers are not supposed to the first to move to brand-new versions.

I myself have moved everything possible (home and business clients) to v3.0 and never had problems with any network or machine in the last months . Have very few clients running 2.7 (Win 9x machines and MS Exchange)

 

I've heard a new version of XMON will be released soon...

 

SBS2003 has Exchange on one server.

To the OP, you should ONLY have ESET NOD32 for MS Exchange Server v2.71.9 running on your SBS2003 server.

 

Exactly....that's what I was hinting at above when I asked how is he protecting his Exchange store.

Makes me wonder why someone would make this suggestion...

Running Exchange (which is bundled with SBS) without proper protection...yikes!

 

Yeah I've been hearing that for a few years now.

 

Guys,
I am protecting Exchange with Microsoft Antigen for Exchange.
Any known issues between Antigen and ESET NOD32 AV?

Thanks.
Rachiano.

 

Just for reference, the exclusions you should be running on all Microsoft OS's per their instructions are:

I wouldn't bother with them if you are a home user, but you should apply these to managed installs on a domain to be safe.



Specific to domain controllers including DNS, WINS, DHCP. May need additional ones for other DFS shares.

ALWAYS exclude program databases and associated log files. That is just common sense, people.

 

Ahh, using separate product for the store..ok, as long as it's protected.

I haven't seen Antigen mixed with NOD on the OS mentioned around here, haven't tried it myself, I usually stick with same AV vendor for OS protection plus infostore protection.

With NOD4 being so new (released this week)...I doubt you'll see many server managers chime in that they have it running with Antigen on the same box...as we usually don't rush out and install the latest program version on production servers. I prefer to let the new version "cook in the oven" for at least another 6 months after rollout to let the bugs get ironed out of it, and see how it's working on servers for other people first. Kinda one of the reasons I skipped 3.0 entirely on my clients production servers...too many problems.

All my clients SBS servers ( that's quite a few) are strictly running 2.7 with XMON.

 

Although v4 seems fine (it is more v3 improvement rather than a new product - ulikely v2 and v3) , it is not a guarantee it will be ok . v2 was fine those years , now it is not at least for the home sector.

You skipped 3.0 entirely ... if you decide to skip v4 you may end-up with skipped ESET completely

 

Home sector..yeah, fine 3 and 4 are OK. I really don't deal with "home" users....too many odd issues and too little money. I'm an SMB Network consultant, so I'm talking about on servers here. Too many issues with 3 on servers, and most of my servers are centered around SBS...thus Exchange...thus XMON..thus 2.7.

 

Not sure if it's already been mentioned but running EAV V3 or V4 on SBS does absolutely nothing to protect the Exchange mailstores. XMON is specifically designed for Exchange, thus why it's called XMON and not AMON, as AMON was the AV scanner for workstations and non-Exchange Servers.

Why are you trying to upgrade from 2.7 by the way? What does EAV 4 that 2.7 doesn't? Version 2.7 is by far the best AV around for Exchange and will protect your server. ESET will not stop supporting it unless there is a proven and stable product in place to replace it.

ESET have already confirmed development of ESET AV for Exchange Server 4.0 which is currently under development, due in a beta in Q2/Q3, for final release Q3/Q4, this year. I would highly recommend you wait till then before attempting to upgrade from 2.7.

For the record I have tried installing V3 when it first came out on to Exchange and had several problems (there's a post on here somewhere), and experienced high CPU as well as clients being unable to connect to the server as a result.

Trust me, use XMON 2.7, nothing more.