Vista SP2 RTM - be careful!

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, May 2, 2009.

Thread Status:
Not open for further replies.
  1. flyrfan111
    Offline

    flyrfan111 Registered Member

    I haven't seen any problems, installed SP2 on 2 laptops which had ESS .437 already installed, haven't seen a problem of any sort yet. Ran 2 full system scans and have rebooted several times, running smooth so far.
  2. Heat
    Offline

    Heat Registered Member

    I can confirm this works! :D

    I updated to Vista SP2 some weeks ago. I got a BSOD and Eset would not start properly (red icon and message saying I need to reinstall). Fortunately I could uninstall easily and I downgraded to ESS 3.0.684. I have a virtual machine in VMWare with Vista SP2 x86 installed. When I tried to install ESS 4.x I would consistently get a red icon right after installation. Disabling or enabling UAC or self-protect didn't matter.

    I tried the reg-file and installed ESS 4.0.424 as Administrator, rebooted a few times and everything looks good so far.

    So this would indicate a permission problem which begins at install, but only occurs with Vista SP2 installed. Differences between normal install and Administrator install should be studied and the install-script needs to get a few extra permissions.

    Good luck Eset. I hope the permissions can be set through Eset updates or else I think Eset is gonna be srewed, when everybody who updates to Vista SP2 needs to find a new working setup of Eset.
  3. JuliusB
    Offline

    JuliusB Registered Member

    Are you sure it fixed them? It's not like NOD32 does not start all the time, sometimes it starts, sometimes it does not. For me, running all setup procedure as Admin did not help. After install NOD32 failed to start correctly again. After restart worked fine but after one more restart another error message(never seen it before) - services failed to start - POP3/HTTP protection not working.
    Btw disabling UAC is not a good solution for security anyway... Sometimes people think it's all about confirmation boxes, but it's not. UAC control applications privileges, only those application that need Admin rights to work correctly get it. This can greatly help security. Consider this:
    UAC is not active and web browser get exploited on a malicious web page. Now since UAC is off, browser was working with full admin rights and so in turn exploit gets full access to the whole system
    Now if UAC is active and browser gets exploited exploit has limited access and can't for example install malware because it can't access registry, windows or program files folders and some other protected folders. Internet Explorer browser with UAC on is even more secure because it only has access to temp folder - it works in sandbox.
    Last edited: May 26, 2009
  4. elyoh
    Offline

    elyoh Registered Member

    Definately doesn't fix it. Initially seemed no problems but I ran a full scan and rebooted a couple of time and then the issues came back.
  5. gabe
    Offline

    gabe Registered Member

  6. nanana1
    Offline

    nanana1 Frequent Poster

    I think ESET should recommend a downgrade to version 3 if the user should install Vista SP2 update.*puppy*
  7. miki69
    Offline

    miki69 Registered Member

    Just updated to SP2, NOD32 is working ok so far, except very often I get error "some internal error bla bla" followed by red icon, so I need to restart my computer. Don't know if this is relatated or not, but this happens quite often while running on batteries. As I said after restart (and plugging in cable) it seams to work, until next restart.

    Since I have installed SP2 I don't get "pop http error" anymore, just this error that NOD32 is not working at all, so I need to restart.

    My spec: Sony Vaio Z590, Vista Business (32bit) SP2, latest NOD32 version

    Cheers,
    Miki
  8. Charlie Freak
    Offline

    Charlie Freak Registered Member

    I am absolutely disturbed by this.

    Unfortunately, upon seeing that my NOD32 install was broken after installing Vista SP2, I attempted to uninstall the (broken) v4 install in order to reinstall or revert to v3. The uninstall was not successful and only complicated the situation.

    After numerous attempts to completely remove/repair the installation, I finally ended up doing a system restore.

    This situation, combined with various other problems we've had with v4, has just pushed me over the edge. I can't help but think that someone at ESET is asleep at the wheel.
  9. jimwillsher
    Offline

    jimwillsher Registered Member

    It certainly seems very odd. ESET are silent on the subject until the very day SP2 goes public, and we then get acknowledgement of the issue by ESET. It's especially odd given that 4.0.437 is only a week old.

    Surely, surely ESET had access to SP2 before release day? Surely they have MSDN or TechNet access? Surely it's better to get the solution out there before SP2 goes public, rather than forcing people to rebuild their system.

    It all seems very slipshod to me, and quite disheartening. They should have fixed it before SP2 went public, and if they couldn't fix it they should have sent a warning to people. They have email addresses for all their registred customers. Isn't that what "being proactive" means?

    A sad episode I feel. ESET are clearly not the leading-edge company they were. More like bleeding-edge.



    Jim
  10. Biscuit
    Offline

    Biscuit Registered Member

    Good grief, I just saw this thread & read it with horror. Vista SP2 is now appearing on WSUS & available on Windows update today & now it seems that there is a blue screen issue with Nod? What is this company playing at?

    If my user base starts getting BSODs caused by Nod, it will be the final straw for me.
  11. CrunchieBite
    Offline

    CrunchieBite Guest

    Maybe but, look at it this way....are people really complaining that Eset has incompatabilities with products that are not even released to the general public yet? MSDN and technet are advanced releases for IT pros and corporates and not the general public.

    At the end of the day, anyone who goes installing major updates like service packs without testing 'just because it has been released' is just asking for trouble. How many network administrators do you know that go installing any and every patch released onto their servers the day the patch gets released?

    It never ceases to amaze me how many people are already saying on here about problems with Eset and Windows 7 - Windows 7 isn't even supposed to be released for a fair few months yet!!!
  12. CrunchieBite
    Offline

    CrunchieBite Guest

    http://www.microsoft.com/downloads/...7a-5267-4bd6-87d0-e2a72099edb7&displaylang=en

    I'm not sure if the SP will immediately be listed on WindowsUpdate or not (I suspect it will be shown as optional to start with) but, either way, you can block it on all clients using the Windows Service Pack Blocker Tool Kit and the GPO in your domain.

    ~CB
  13. Metallian
    Offline

    Metallian Registered Member

    Yes, I'm sure this fixed the problem. But before I installed the application I removed the current version (in safe mode) and removed all the ESET registry entries. Installing the application as an administrator without doing this first doesn't fix the problem.
  14. jimwillsher
    Offline

    jimwillsher Registered Member

    No, people are complaining about products that are released to the public. SP2 is public, as of yesterday. And the reason we've been complaining for weeks (I started this thread) was to "encourage" ESET to get it fixed before SP2 went public. Sadly this did not happen.

    Jim

    Edit: ESET happens to work perfectly with Win7 ;-)
  15. Biscuit
    Offline

    Biscuit Registered Member


    Sorry, by "clients" I meant "customers". All my server customers are using Nod32 v2.7. Vista SP2 is available on both WSUS & Windows update this morning.
  16. The Nodder
    Offline

    The Nodder Registered Member

    I've just installed SP2 on my Vista x32, no problems, NOD32 works as it should.

    However, I have my hard drive divided into 4 partitions as follows :-
    c: vista
    d:for my anti-virus, Outpost firewall and othe security programs.
    E: for all the programs etc I have got and anything to do with my PC.
    F: for my installed utility programs.
  17. Heat
    Offline

    Heat Registered Member

    Hi!

    I've been testing Metallian's solution some more and I'm quite confident that this is THE solution. I tested it in a Virtual Machine with Vista SP2. A normal install would consistently result in errors. Installing according Metallian's description works flawless until now. I've updated Eset, updated Windows, rebooted numerous times and Eset is still working.

    I think Metallian is also correct in saying that people who still have problems after installing as Administrator did not have their previous version correctly installed.

    This really seems to be a permissions-problem. So when folders and registry-keys are left after uninstalling Eset these folders and keys might still have 'bad permissions'. The new installation does not fix it.

    So if you have version 4.x installed, you should completely remove it. Go to the Control Panel and remove Eset. If it fails, then you should reboot into safe-mode and try again. After unstall remove these folders:

    %ProgramFiles%\ESET
    %ALLUSERSPROFILE%\ESET
    %APPDATA%\ESET
    %LOCALAPPDATA%\ESET

    Also remove these registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\ESET
    HKEY_CURRENT_USER\SOFTWARE\ESET

    Then reboot.

    Download and extract this file:
    http://www.symantec.com/connect/sites/default/files/MsiRunAsAdmin.zip
    Doubleclick on the reg-file and confirm that.

    Now right-click on the msi-file from Eset and choose "Run as Administrator".

    Follow normal installation-steps and you should be good :D

    Many thanks to Metallian!
  18. guest
    Offline

    guest Guest

    Just tried the running the msi as admin trick, and it semmed to work but after a few reboots im back to real time protection is disabled. Trying to enable it in setup menu gives error about not having permisions to change this setting.

    OK just rebooted and its now working.
  19. Heat
    Offline

    Heat Registered Member

    Did you remove all folders and registry-keys before you reinstalled? See my previous post.
  20. guest
    Offline

    guest Guest

    Aye did that, also found some ESET service and drivers were still being loaded even after uninstalling. only noticed this after high cpu usage from ekrn.exe.

    Reg keys not removed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehdrv

    There is a few more but these had been removed by the uninstaller
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwwfpr
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EhttpSrv

    Good news is that is seems to be working now. just seems like every so often after rebooting i get real time protection is disable error. Also not had any BSOD yet.
  21. Heat
    Offline

    Heat Registered Member

    If you want to try again, you could uninstall Eset. Then use this tool (maybe you need to do this in safe-mode, download the tool first):

    http://live.sysinternals.com/autoruns.exe

    Click on 'find' and type 'eset'. Uncheck everything related to Eset. Also remove the folders and registry-keys again, as stated before. Then reboot.

    Check task-manager (show all processes) and device-manager (view / show hidden devices) and see if you see any processes like 'ekrn' or drivers like 'eamon' (under non-plug and play drivers) active. They should all be gone now.

    Then try to reinstall As Administrator.
  22. gvWSF
    Offline

    gvWSF Registered Member

    NOD32 is really the first software that knocked my PC off. I haven't seen BSOD in years, but apparently eset did it. Unistalled until the issue is fully fixed.
  23. alan_s
    Offline

    alan_s Registered Member

    Wish I'd found this forum before installing SP2. It came out via windows update so I thought it was safe, I read the list of programs unsupported, and NOD wasn't listed, so I went ahead.

    So far I've not had BSOD, but I do get the red icon and "a serious error occured when loading real time protection". This was with 4.0.424, but I now have .437 off the site and still the same problem. I did uninstall 424 and reboot before installing 437

    This really is a shambles if its been going on this long, and ESET haven't found a fix, or even acknowledged the problem in their knowledgebase which I have also searched this evening.

    I will try a system restore, and then the "msi as admin" process as listed above, and if that doesn't work will have to consider a new AV package!

    Alan
  24. miki69
    Offline

    miki69 Registered Member

    That's exactly the same error message I'm getting!
  25. nfgxon
    Offline

    nfgxon Registered Member

    I have read all this with interest, but I am at a loss to understand it. I have installed SP2 on Vista 64 bit, i neither disabled, uninstalled, or did anything with Nod v4 . I just works...

    It seems amazing that so many systems seem to have problems with this.

    Does anypone have n idea why some system are affected and others ( most? ) are not?

    Bernard
Thread Status:
Not open for further replies.