Warning! Version 4 is crashing servers!!!

Discussion in 'ESET NOD32 Antivirus' started by not4, Mar 20, 2009.

Thread Status:
Not open for further replies.
  1. not4
    not4 Registered Member

    What is a short period for Eset? How long is version 4 on the market? 2 months? You can see posts about problems with that version since it was released, and it's still not fixed!!! Avoid, Avoid, Avoid Eset products!!!
  2. pua
    pua Registered Member

    Dear Not4

    Try to shut down the firewall inside NOD32 Ver4; it may help you if you already have a firewall inside your environment.
  3. not4
    not4 Registered Member

    There's no firewall in NOD32 antivirus:) but thanks for your help.
  4. Plazzman
    Plazzman Registered Member

    Has anyone tried the newest released version 4.0.417.0? Would like to know if this fixes the file server (Windows 2003 Server) problem?

    Thanks, Plazz
  5. Rahn
    Rahn Registered Member

    Version 4 has been locking up my file server every day since we started using it.
    I originally installed over version 3 then tried uninstalling, rebooting, and reinstalling version 4. I can run with the realtime functions disabled but, as soon as I turn them back on, the system locks up after a couple of hours and has to be forcibly rebooted.
  6. utilman
    utilman Registered Member

    I installed ESET NOD32 AntiVirus Business v4.0.417 ENG 32-bit at a client on 75 PCs and laptops, and on multiple servers. Only the domain controller (which is a print server too) is giving problems.
    This server is crashing every 10 minutes. All exclusions are in place like they should be, but after 10 min the only way to get contact again is resetting through ILO.
    When I disable the ESET service all problems are gone. Strange thing is that when I have ESET running and I stop the printer spooler all problems seem to be gone too.
    Do more people have problems in combination with the spooler? Any solution yet?
  7. pain4gain
    pain4gain Registered Member

    Have you applied all the recommended settings listed in the article below? Did you exclude all databases and/or folders that reside on your server and are accessed by your workstations?

    What are the recommended settings for an ESET security solution installed on a server? (4.0)

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
  8. RushB
    RushB Registered Member

  9. utilman
    utilman Registered Member

    Thanks pain4gain + RushB (and the rest) !!

    All settings changed in the xml and pushed that one to all servers.
    Rebooted the servers (to be sure) and no problems occurred today!
    Seems to work!!

    Thanks again for the help... :D
  10. RushB
    RushB Registered Member

    No problem, it helped me here, but not 100%. My server is still crawling. ERA is eating 50-100,000k, tons of cpu, so I'm missing something on my server.

    Later,
    RushB
  11. utilman
    utilman Registered Member

    I was probably too excited too early.. :'(

    Servers ran great the last couple of days, but crashed a few times today.
    I just added exclusions for this folder and file:

    C:\WINDOWS\system32\spool\PRINTERS
    C:\WINDOWS\system32\spoolsv.exe


    Hope this helps. Is what eset emailed me back after 2 days.

    Second DC I uninstalled 4.0.417 and installed 3.0.684 to see if it
    makes some difference. When the v3 DC keeps running and the v4 will
    crash somewhere these days......
  12. tanstaafl
    tanstaafl Registered Member

    There really, really needs to be some pre-defined profiles set up, so you can just tell NOD32 that 'This is a Server', with some sub-profiles, like 'Exchange Server', etc.

    It should most definitely *NOT* be required to micromanage this in this manner.
  13. extremesanity
    extremesanity Registered Member

    I am in the data center today trying to figure out why nod32 crashed my windows 2003 file server twice since yesterday, and it is running 4.0.417. This happened on version 3 also about 6 months ago.

    I am going to revise my config a little with:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
    and
    http://support.microsoft.com/kb/822158

    Hope that takes care of the problem *crosses fingers*.
    Last edited: Apr 15, 2009
  14. edwin3333
    edwin3333 Registered Member

    I removed Nod32 3.0.684 from one of my DC's. I rebooted, installed 4.0.417.

    The Install gave an error "writing to disk, disk may be full." I clicked retry and it proceeded.

    The server operated fine until it did its first update. It kinda looks like a component update is involved, but not certain.

    After that occurs, the server becomes very unresponsive. Extremely slow almost locked up. It will phone home to the RA server for about 20 or 30 minutes, then that quits and a reboot is required.

    Removal of Nod32 4.0.417 fails and leaves a lot of traces of it. Booting into safe mode allows me to remove the services, drivers and related registry entries. Attempt to clean install again, same problem.

    I have about 80 XP PC's running this, and some 2003/2000 machines. This is the first DC and the first with major issues.

    fwiw
  15. realitybytez
    realitybytez Registered Member

    :oops:

    yikes. we just recently purchased a two-year subscription for nod32 based on our experience with version 2.7. after reading this thread, i'm wishing that we hadn't. i didn't realize that there were so many problems with version 4. i probably should have looked for something more stable. Anybody know if I can run version 2.7 on a Windows Server 2008 64-bit machine?
  16. edwin3333
    edwin3333 Registered Member

    I dug into this problem, and took previous advice posted in this thread.

    Adding an exclusion from the RA for c:\*.* freed up the DC server.

    Then I disabled scanning of network drives on the DC's. The DC's were sending network FRS traffic back and forth, which you don't really want scanned at this level.

    Then I disabled realtime scanning of these folders:
    %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Director
    %systemroot%\sysvol\staging areas
    %systemroot%\ntfrs
    %systemroot%\system32\directory synchronization\
    %systemroot%\system32\ntds\

    So far so good. I have a problem in my environment with INI files and eSet 3/4. Digging into that shows that eSet gets in the way of a file that is opened, written to, and closed over and over. Such as the way INI files are. Ideally, these files should be opened and left open until all the writes are done. My guess is this same issue is causing problems in these directories.

    And as far as /this/ being a Nod32 issue, check the forums of other AV Vendors. The thing is that Nod32 previously didn't have these issues (2.5, 2.7) which is why I migrated to it and away from the other vendors which did have these type of problems. Nod is becoming more and more like I recall eTrust, Vet et al imo.


    Correction -- it ran fine for several hours and then it locked up again. And when I push exclusion c:\*.* from the RA it remains locked up.
    Last edited: Apr 15, 2009
  17. realitybytez
    realitybytez Registered Member

    :mad:

    just when you thought it was safe . . .
  18. bradtech
    Offline

    bradtech Guest

    I've been running 4.0 on 2008 server 64bit.. Stable for the most part.. One issue with our file cluster but got a hotfix from microsoft and it appears to have fixed the issue *knock on wood*.
  19. realitybytez
    realitybytez Registered Member

    well, that's encouraging (except for the "for the most part" qualifier).

    i'd really like to know what percentage of users is actually using 4.0 without any problems. coming to this forum, you tend to get a distorted view because you only read about the folks with problems.
  20. utilman
    utilman Registered Member


    We probably all did. I made an xml for all servers with all settings mentioned
    in these URLs and with the following exclusions:

    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\SoftwareDistribution\DataStore\Logs\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\NTDS\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\ntfrs\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\SYSVOL\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\dhcp\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\wins\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\Mtadata\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\server_name.log" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\Mailroot\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\Mdbdata\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\srsdata\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\Conndata\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Exchsrvr\IMCData\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\inetsrv\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\IIS Temporary Compressed Files\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\windows\temp\Frontpagetempdir\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Windows\System32\ntmsdata\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\spool\PRINTERS\*.*" />
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\spoolsv.exe" />



    Still strange that there are no templates for this available.
    But even with all settings like they should and with all exclusions possible
    the servers are still crashing.

    Servers are now OK with ESET disabled on one, and the other with 3.0.684.
    Response of eset support is very slow, and default answers.

    Strange thing is that on another site we have no problems with 4.0314
    running on 20 servers.
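
An added example, not part of any post in this thread and not ESET's own tooling: a small audit of exclusion entries in the `NODE NAME="FullPath"` format posted above, flagging the entries that leave the widest scanning gaps (such as the `c:\*.*` exclusion tried earlier in the thread, or an executable excluded by path). The wrapper element, the rule set and the function names are assumptions made for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <EXCLUSIONS> wrapper is an assumption; the NODE
# lines reuse paths posted in this thread.
SAMPLE = r"""<EXCLUSIONS>
<NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\NTDS\*.*" />
<NODE NAME="FullPath" TYPE="STRING" VALUE="C:\windows\temp\Frontpagetempdir\*.*" />
<NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\spoolsv.exe" />
<NODE NAME="FullPath" TYPE="STRING" VALUE="c:\*.*" />
</EXCLUSIONS>"""

# Illustrative rule set (assumption), not a vendor list.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".ps1"}
WILDCARD_TAIL = re.compile(r"\\\*(\.\*)?$")  # trailing \* or \*.*


def classify(path):
    """Return the reasons an exclusion deserves review (empty list = none)."""
    reasons = []
    has_wildcard = bool(WILDCARD_TAIL.search(path))
    folder = WILDCARD_TAIL.sub("", path) if has_wildcard else ntpath.dirname(path)
    _drive, rest = ntpath.splitdrive(folder)
    parts = [p for p in rest.split("\\") if p]
    if has_wildcard and len(parts) == 0:
        reasons.append("whole volume excluded")
    elif has_wildcard and len(parts) == 1:
        reasons.append("top-level directory excluded")
    if not has_wildcard and ntpath.splitext(path)[1].lower() in EXECUTABLE_EXT:
        reasons.append("executable excluded by path")
    if any(p.lower() in ("temp", "tmp") for p in parts):
        reasons.append("temp directory excluded")
    return reasons


def audit_exclusions(xml_text):
    """Map each flagged FullPath value to the reasons it was flagged."""
    findings = {}
    for node in ET.fromstring(xml_text).iter("NODE"):
        if node.get("NAME") == "FullPath":
            reasons = classify(node.get("VALUE", ""))
            if reasons:
                findings[node.get("VALUE")] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in audit_exclusions(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

A flagged entry is a prompt to narrow the exclusion or compensate with scheduled scans of that location, not proof that the entry is wrong.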
  21. rlu929s
    rlu929s Registered Member

    I figured I'd add my experience. I recently tested Eset and thought it would be a great AV product. Went ahead and bought a 2yr license and pushed it out after configuring everything.

    Like everyone else it was wreaking havoc on my network. Random PC's were freezing at Applying Computer Setting at reboot.

    Then my DC started crashing at regular intervals and eventually would not boot up.

    I worked with support some on this and all they ever said was do a scan using their scan tool.

    I even updated to the latest version and it crashed my DC as well. After a week of these and constantly trying fixes just to have it crash I gave up.

    I'm getting a refund and am pushing out something else.

    I can't have products being released with this many bugs on my network.
  22. realitybytez
    realitybytez Registered Member

    Would you pm me and let me know what you had to do to get a refund? I'm ready to switch to something else as well. But I'll never get approval to do so unless I can get back the four grand we just spent. I'd also be interested in knowing which products you are considering to replace NOD32.
  23. bradtech
    bradtech Guest


    Honestly I don't know if the problem we are having with the cluster services is related to NOD32 4.0.417 update.. I know when it failed over to another server with 4.0.413 it failed again.. Consequently I have uninstalled 4.0.417 and 4.0.417, and returned to the version before that I knew caused no issues which was 3.0.672.. I know 3.0.684 was the last but at least I know that version does not kill my file servers in a cluster.. I am religious about exclusions also..
  24. realitybytez
    realitybytez Registered Member

    it's probably naive of me, but i always feel like i'm cheating when i exclude specific folders from scanning. something in the back of my mind keeps asking "but, what if that's where the malware is?". o_O
  25. rlu929s
    rlu929s Registered Member

    Reality: The PM system on this forum is not working so I guess I'll have to reply here.

    I just called the 3rd party reseller that I bought it from and they were very kind and helpful. They tried to get me into tier 3 support but I just told them I couldn't risk my DC anymore.

    We were in the process of paying them and they called Eset and got the refund and the license removed. They said since it had not been 30 days yet.

    We went with CA ETrust Threat MGT instead. I've rolled it out and removed Eset on those machines and my workstations are doing great again and my server has not crashed or locked up once.

    It was for sure Eset causing those and many more problems.