AV Definition update caused error

I have to re-iterate I have seen this blank GUI on the 27 August 2010 and only a re-install using the ESET uninstaller worked for me in safe mode on one machine so I think this problem is still lurking and not became active when the 5417 and 5418 engines were deployed.

 

Surely not. Did the system fall to BSOD? Is there any error message in the system event log?

The thing is ekrn with a problematic engine loaded may rarely get to a state when it stops responding. In such case the fix will not work and it will be necessary to restart the machine. If a restart is inevitable, boot to safe mode and delete em002_32.dat in the ESET folder. After booting to normal mode, update to the proper version 4519.

 

I have checked various websites today to see if they picked up on it, but they haven't.

And to be honest, I have no interest in tipping them off. I genuinely believe ESET is still the best out there, and Marcos and the guys clearly worked their socks off yesterday to recover the situation. So whilst it was a desperate situation for many yesterday, I think ESET have tried hard to recover from it.

My 2p.

 

What a disaster.

While we will continue to use ESET, we were greatly angered (luckily our server room is a vacuum and the swearing could not be heard outside) and disappointed.

I would be curious to know what the lost revenue is for this fiasco. We lost about 4 hours of our work day (240 employees) across our 16 locations.

 

I have a question about moving forward.... If I need to push some installs to clients that don't have Nod32 installed and I use a package pre-5417 will I end up with the same issue during update? If so, when can we expect a new package to be available?

 

As many already have said fixing this was much easier, than when McAfee deleted Svchost

 

PC Pro and Thinq have both reported the problems, with both quoting posts from this thread by Marcos and users. The Thinq 'article' insinuates lack of testing and isn't fairly written, in my opinion.

I emphasise with those majorly affected, I'm just a home user so it wasn't a big problem for me. It isn't the first time this has happened to an AV company and it surely won't be the last.

 

As I wrote, this particular kind of problem had never occurred before and measures have been taken to prevent these problems from occurring in the future. We are truly sorry for the inconvenience caused. An official statement for media is being prepared that will contain a detailed description of what happened, the reasons why the update passed pre-release QA testing as well as plans how to prevent this kind of problems from happening in the future.

 

What really upsets me here is that this wasn't something that only manifested itself in certain unusual circumstances. I've got 30 servers and 1200 PCs. 20 of the servers and about 80% of the PCs had problems. Other posters had even more affected. We're talking about a VERY high percentage of PCs, so I don't see how it wasn't picked up in testing assuming ESET is using even a reasonble size test environment.

I understand the update in isolation may not have been a problem, but if it wasn't tested by being applied over 5417, then it wasn't tested in the manner that probably 99.9% of clients would apply it.

What I really want to know if ESET's own production environment was affected. Because from the way this is being described, I have to assume it must have been.

James

 

Has there been any definition updates since 5419 yesterday morning?

 

http://www.eset.com/threat-center/threatsense-updates

 

Still nope

 

As a home user, the only thing I saw was what was in my system log in the event viewer. There were two instances of the Eset service terminating unexpectedly and each time restarting. That was all. It might be very interesting to find out across the user base for Eset products, whether this was happening consistently in cases where the systems did not freeze or obviously fail. Eset products do report statistics where this is enabled in the software. Maybe that will help Eset to determine the extent of the problem.

p.s. I have virus signature 5420 as of this morning (20100903)

 

What we have witnessed is the evidence and reason why ESET doesn't push program updates. Their whole argument against automatic push of program updates rests on the belief that its no way possible to ensure compatibility with all users. Well today they can pat their backs and wink to each other - told ya so, we have full confidence in our mediocre QA setup and today you saw a demo. Don't ask for auto program updates again. The fact that we made it so far with definitions should be applauded. But then a niggling thought looms in a far corner of the mind - how have Symantec, Avira, avast, AVG, Sophos, Emsisoft managed to make it possible so far?

 

Thanks Marcos, but it is not over yet.

After getting the latest 5419 definition, some of the problems did not go away.

I have more than 1000 XP SP3 (Spanish) PCs and they ALL had the described problems. An apology from Eset is no sufficient.

One problem that continues to exist after 5419 is related to USB ports, and a Windows bubble says:
http://www.online-tech-tips.com/wp-content/uploads/2008/07/usbdevicenotrecognized-thumb.png

It appears to be an strange unrelated error, but it is NOT. After NOD updated itself, some pcs (10%) go mad and require constant reboots. Of course USB hardware stop responding.

Thanks god I did not put NOD on my servers.

Also, I uninstalled NOD on some pcs and reinstalled it, they updated to 5419 and the pc became unusable AGAIN. I did had to restart to use the PC.

This is terrible. Please ESET get it right NOW because more than 1000 users are going nuts, and problem persists.

Someone said something like "Get used to it (problems). Technology is not perfect." Well, its clear that people arent perfect and Eset made a mistake. But this is a disaster.

 

Come on, here these guys are applauding themselves on how 'atleast we didnt delete the svchost.exe' and you are spoiling the party.

 

I'm afraid it did. From the System log:

The process msiexec.exe has initiated the restart of computer xxxxxxxx on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
Reason Code: 0x80030002
Shutdown Type: restart
Comment: The Windows Installer initiated a system restart to complete or continue the configuration of 'ESET NOD32 Antivirus'.

I'm hesitant to run this on any more systems until I can be sure they aren't going to restart as well.

 

Since my mirror server updated to 5419 yesterday morning we have not received any updates. I forced the server to check for updates and it just returns 5419 as the latest update. According to the link posted above 5420 is available but I'm unable to download it. Anyone else seeing this?

 

i can confirm that WIndows 7 based is NOT affected... but Server 2008 is.

 

I also forced but stil 5419 is latest... for now

 

I support 30 servers and approx 200 workstations spread over about 12 customer sites. This issue affected all of them except one. I too have spent the entire day rebooting servers and workstations and apologizing to my clients for the downtime and the loss of work that many of the users experienced when their workstations suddenly hung.

I have built my Managed Service Provision business based on trust and quality, this incident has dented some of my customers confidence and I am not happy!

Surely a problem as widespread as this should have been picked up in testing? It had such an immediate detrimental effect it simply cant have gone unnoticed?

Issues do get through, how many Microsoft updates have we had over the years that have caused problems, however we do have to trust the vendors to get it right and to test properly and clearly this wasnt in this case. If we cant trust the vendors then nothing will get updated!

I would however like some form of official apology from ESET to email to my customers.

 

I have 1 ERA that when I manually try to update it tells me "Failed, CANT_DOWNLOAD (date, time)"
The other ERA just downloaded the 5420 updates after I manually hit the "Update now" button.....

Is 5420 released, and good?
And why can't I download it?

 

Indeed problems with Win 2008 (SBS) server, netwerk connections lost, bsod, even the network card got disappeared after a while, updated to latest signature but no luck, finally uninstalled Smart Security on the server and the problem was solved, reinstalled the Smart Security and got the same problems again...finally uninstalled it again and waiting for some solution......at least network is up again.

 

Windows 7 is affected.

 

Is there a way to delay updates. I also spent the day apologizing to my staff and I had to hard shutdown one of my servers.. HARD SHUTDOWN!!

I hate to be the person who says this, but this is unacceptable. I'm new to Eset as of two months ago, and I've already had two catastropic problems (one with Windows updates and this one).

Even though it isn't best practice, I'm hoping that I can stop the automatic updates and download updates manually or on a delayed schedule.