AV Definition update caused error

It actually does, it's basically code revert to v. 5416 and we haven't receive any complaints from users so far. Did you actually use the ESET Update Fix tool as described in this KB article?

 

On my over 150 stations and few servers the problem is the same. Block internet, problem ekrn.exe - on random PC. We have 5419 update!!!. And PC was restart yesterday and today we have the same problem.

- crash ekrn.exe
- block internet
- block programs - Lotus notes and other

GRRRR ESET!

 

Didn't running the ESET Update Fix tool help?

 

Does that mean there are no definitions for malware occurances since the original release of 5416?

Someone also asked how a definition update could cause computers to freeze completely. I still haven't seen an answer to that question.

 

Signatures were added but certain additional code was removed.

 

I think you're missing the point here. It's all well and good saying 5419 fixes the problem, but the damage has already been done. Our PCs for example, all blue screened and CHKDSK ran on boot-up due to inconsistencies. CHKDSK very rarely runs unless there's a problem.

That aside, some of our PCs that are now running 5419 won't connect to ERA. They've been rebooted, but they just don't want to connect to ERA. Some clients do, these ones don't. That means I'm going to have to take those PCs out of action now to reinstall EAV; possibly even uninstall then reinstall, all of which will take time. I don't know if it's just EAV-ERA connectivity that's broken, for all I know the AV side could not be working properly now, so potentially the PCs security is at risk.

The problem is far from fixed!

 

Yes please

 

The Update fix does nothing for us.
We can´t start the gui for Nod32, it stalls when the splash screen is shown.

The administrator gui says that the server is updated to 5419.
Tha splash screen says 5418.

Restarting the server is not an option.

 

Then what the **** is the purpose of the "Do not update program components" option? I always enable this option because I do not want automatic updates to programs causing problems. I was under the assumption that with this option enabled there would only be updates to the definitions and nothing else. Now you're telling me it still updates program code!

 

That's wrong. Pure signatures without a scanning engine would be useless. The option you refer to is for program component updates that take place on a 1-2 year basis (it's been explained in several other threads here at Wilders).

 

NOD32 contains a scanning engine directly after installation and without any updates. So how is an update to the scanning engine not a program component update? And why does the engine need updates, apart from new definitions, to recognize new malware anyway? Is it broken?

 

well I still like and use it.

 

I've still got a server that I can't get to... RDP isn't working, it pings though.. I can't get onto it remotely to run the tool... I'm going to have to get in my car.. *sigh*. A bunch of clients that are hung, will have to track them all down manually, before a user tries to use them and moan "nothing works round here".

Will take a while to forget Sept 2nd 2010, or as I heard someone call it over the phone... "rESET Day".

 

Same problem...

 

FYI, if your GUIs are blank, if the ERA reports one thing and the GUI says another, then.... you guessed it reboot. Or use the tool, the bug is in 5417 and 5418 and manifests on UPDATE.

So you need at least one (if not two) reboots AFTER you have 5419 on the client, which doesn't include the reboot you had to do for 5417/8. Also, we've had one or two PCs that won't connect to the internet afterwards either, those took 3 reboots. Not all Pcs had this, some actually were working fine, although better safe than sorry, reboot after 5419... perhaps even twice to be 100% sure.

Although, if they're talking to ERA, and have internet, then it's probably safe on that client then.

Even using the tool... I'd schedule a reboot at the earliest opportunity.

PS. down to 6 clients left to do, yay!

 

To avoid reboots after an update to v. 5419, use the ESET Update Fix tool per the instructions here.

 

Just tried this tool for the first time on a server that had 5418 installed.

As per the instructions here:

http://kb.eset.com/esetkb/index?page=content&id=NEWS99

Ran tool
Manually updated ESET
RDP session died
Server rebooted by itself without prompting

Not exactly what I'd hoped for

 

Unless 5419 has caused it to hang of course.... in which case I've not found any alternative to physically powering it off at it's location... bit of a problem when you're not near it...

 

The Update Fix tool MUST be run after the virus signature database was updated to v. 5419 or newer. A quote from the article:

 

You may wish to change the wording of this line then:

"For customers running virus signature update 5417 or 5418, run the utility and then manually update workstations."

 

Marcos, I've found that the update tool doesn't appear to work on our 2008 Servers - R1, R2, x86 & x64 versions.

Any ideas?

 

Running Server 2008 R2 (64 bit, duh) , Virtualised in ESXi

NOD Product version: 4.0.474
Virus signature database 5417

NOD Splashscreen is on display, running the eset_update_fix.exe program results in the ekrn.exe *32 process going to 99% CPU usage and killing the server. Been left for over an hour and its still eating 99% CPU.

Anyone have any ideas?

 

Sorry for the confusion. Given that the fix deletes the engine 5417 or 5418, the problematic engines won't be reloaded and subsequent update will download the proper version 5419. The fix is meant mainly for those who cannot afford restarting the computer. Failing this, boot to safe mode, delete em002_32.dat in the ESET folder and update to the latest version after booting to normal mode. Alternatively, uninstallation and reinstallation should fix the problem as well.

 

I'm still confused. In this case I had a server running 5418 which we couldn't afford to reboot. I ran the fix, updated then the server rebooted anyway (by itself).

Is this the correct behaviour?

If that's the case then how do I update servers running 5418 without them rebooting?

 

Lucky for ESET, this glorious mess has not yet reached the general public. I really wonder why. Media went ape-crazy on McAfee when they bricked machines with their update.