Has the windows 2008 crash bug been fixed

Discussion in 'ESET NOD32 Antivirus' started by majortom1981, Jun 7, 2010.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If the freeze occurred with the latest version 4.2.64, I'd suggest renaming the driver C:\WINDOWS\system32\drivers\epfwwfpr.sys in safe mode. We've had cases with Win 2008 servers running Exchange where the freeze or other problems were caused by Windows. Microsoft engineers received dumps from us, analyzed them and confirmed the problem is on their end. Until a fix is available (probably incuded in the next service pack), it is necessary to disable the ESET WFP driver as mentioned above if you encounter problems.
     
  2. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    I've had this crash on SBS2008 with EMSX 4.3 beta and the driver turned off as well. Dump is with the devs right now, so i'm hoping for a quick fix :).
     
  3. glitch

    glitch Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    127
    Have also experienced the problem and have downgraded for the moment to version 3 will monitor this topic to see what the results are.
     
  4. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    It could be a conflict with a driver from certain versions of Symantec's backupexec, so if you have that running on a test machine try to uninstall that and see what happens.
     
  5. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92

    Hmmmm thats interesting.......

    Since we've migrated from Virtual Server 2005 SP1 to Windows Server 2008 R2 with Hyper-V I've noticed that the some servers randomly hang and guessing from the point that it happens, its appears to be when Backup Exec 12.5 SP3 is using VSS to snapshot the Virtual Servers.

    Has any body else had problems wiith servers becoming unresponsive with Both Eset Nod32 V4.2.x and Backup Exec installed?
     
  6. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Well I have one support case running with this so far, it seems that VirtFile.sys is causing the issue in this case. I'm not saying this is the problem everywhere though.
     
  7. OverdriveLtd

    OverdriveLtd Registered Member

    Joined:
    Nov 16, 2010
    Posts:
    2
    Hi There,

    To confirm; we also experience these random lockups when using EMSX.

    The server in question is running:

    Windows SBS Server 2008 SP2 (x64)
    Microsoft Exchange 2007 SP3
    Symantec Backup Exec 2010 (13.0 build 2896) (x64)
    YES the correct exclusions have been made, both MS & Esets reccomendations. We have also added further exclusions to no avail.

    Any installation of EMSX (earlier or latest version) results in a 'countdown to lock up'. It may take 1h, it may take 24h, but eventually, like previous posters, the server becomes completely unresponsive via Network or Console. The only way to recover is to reboot, and this moreoften than not causes the SATA RAID Array to go inconsistent. Unacceptable.

    We have noted this has been a long running issue with Eset Mail Security for Exchange; and we're not prepared to tolerate waiting for a solution any longer. If there is no road-map for a fix, then we will simply get a refund for the client in question (as the product has been completely unusable since purchase).

    'Installing NOD32 V3.x' is not an option - as this is not Mail Security for Exchange.

    We are an Eset reseller, and supply NOD/ESMX to all of our clients. We will be forced to look at alternatives to ESMX if this cannot be rectified in the immediate future (1-2 weeks). Eset: while you dodder around in denial that there is in fact a problem (I paraphrase earlier posts from ESET Staff basically saying 'what problem? never heard of a problem with NOD and SBS200:cool:, customers are exposed to threats.

    We will research an appropriate replacement product; and in time, should there be continued lack of support from Eset, we may well re-evaluate our supplying of all Eset products. Since we carry a couple of thousand subscriptions on our list - this would be a terrible loss for Eset.

    But I have to say - this problem with EMSX & SBS2008/Backup Exec has been going on for *some time* and its NOT acceptable that a purchased product performs in this way - for such a long peroid. Bugs are bugs, but this EMSX appears to be broken. It is entirely reproducable - simply install SBS2008 SP2, Backup Exec 2010, Exchange 2007 & EMSX - and it will happen. I've caused it to occur in a VM and on a seperate testbed system (as well as on the live server).

    Keith
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    By latest version, do you mean EMSX 4.3 beta? The beta has an option for disabling application protocol content filtering which needs to be done on certain Win2008 Server configurations to prevent lockups due to a bug in Windows which was confirmed by Microsoft and will be fixed most likely in the next Windows 2008 Server service pack.

    If you're running EMSX 4.2, you can achieve the same by renaming C:\Windows\System32\drivers\epfwwfpr.sys in safe mode which should prevent any further lockups.
     
  9. OverdriveLtd

    OverdriveLtd Registered Member

    Joined:
    Nov 16, 2010
    Posts:
    2
    Thanks Marcos, I will test these (4.3 + disabling protocol filtering AND renaming the epfwwfpr.sys file) over the weekend on our testbeds & report back.

    Keith
     
  10. ThatITGuy

    ThatITGuy Registered Member

    Joined:
    Nov 19, 2010
    Posts:
    3
    Location:
    Vancouver, BC
    I can say that our Windows 2008 Servers have been fine since we put in the epfwwfpr.sys fix. I had a case open with support for a few days and it took a while before someone finally admitted this fix would work on all 2008 / 2008 R2 servers. A few weeks have gone by and our systems have remained stable. The only issue I have is that every few hours I get a e-mail notification that the firewall is not running on those machines. I found that some 2008 machines crashed quickly (especially those running Exchange 2010), compared to those that we're fresh installs with little to no work load yet.

    Does anyone know where to go to setup which alerts you get via e-mail?
     
  11. HeavenCore

    HeavenCore Registered Member

    Joined:
    Nov 26, 2010
    Posts:
    1
    Just to add our 2-cents to this thread.
    We also have 3 servers experiencing this issue, specifically:
    • Complete Windows Lock Up
    • Locks randomly, sometimes twice in a day, sometimes 6 days apart
    • Mouse Locks, Num Lock Locks
    • Nothing in Windows Event Log
    • Nothing in Dell Server Manager
    • No Crash Dump of any kind

    The servers in question are all Dell, 2 x 2950's and 1 x R710.
    All three are running Windows 2008 x64
    All three are running ESET 4.2
    All three of them are running SQL SERVER 2008 64bit
    None of them are running exchange

    We are investigating keyboard method for producing a dump etc and will update this thread when we know more.
     
  12. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    Out of interest, does it respond to pings?

    We had this on a few servers, and in each case the server was unresponsive but it did still answer to pings.



    Jim
     
  13. Kona

    Kona Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    12
    Location:
    Newcastle upon Tyne
    Just sticking my 2p in.

    We also have this issue with one of our clients Small Business Servers running ESMX v4 and Backup Exec, the driver renaming fix didn't work so were currently running without AV. Have ESET given an estimated fix date yet? It's not like this is a small bug, it's fairly show-stopping.

    Thanks,

    Craig.
     
  14. superbrian21

    superbrian21 Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    4
    Hi,

    i´m a eset reseller we have five 2008 sbs with ESMX v4.2.1000.20.

    Two of them frozze every day. we did all exclusion and everything eset told to us.

    an now came the epfwwfpr.sys fix
    we scan both server for the file
    but on the two server the file epfwwfpr.sys
    is not in c:\windows\system32\drivers\ location
    but in c:\Program Files\ESET\ESET Mail Security\location.
    (is it possible??)

    we renamed the file in epfwwfpr_old.sys and
    restart the server.

    we can to this without the safe mode.

    course we deactived the self protection in NOD.

    Everything is OK. The eset icon in the systemtray ist also green.

    do you think i did it fine?

    mfg. greetings from germany Cologne (Köln)
    Peter
     
  15. superbrian21

    superbrian21 Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    4
    The server is 2 times this weekend frozen.

    This is not an acceptable situation. We will remove your Anti-Virus ESMX v4.2.100.20. What we can install as an alternative? We use a Windows 2008 SBS one with an Exchange 2007 SP3 RU1.

    Please find a solution to the problem.

    Thank you and we are waiting for a quick response.
     
  16. marley1

    marley1 Registered Member

    Joined:
    Mar 13, 2009
    Posts:
    30
    I just did a Server 2008 R2 install and have a Server 2008 R2 Foundation in the back getting prepped. Came into research this and I am extermely dissapointed this is still going on.

    I had these issues about 6-8 months ago with SBS 08 systems which since then I have no AV on the server as to these lock ups.

    How is this still an issue. I consider myself a pretty large reseller of ESET, sell alot of the ESET Nod32 for personal machines and also for corporate.

    Why is this still around, and still little information from ESET?
     
  17. superbrian21

    superbrian21 Registered Member

    Joined:
    Jun 4, 2007
    Posts:
    4
    Hi,
    the problems have not stopped. The server hangs all the latest 2 days.
    We have solved the problem. ESET has been uninstalled and Avira Small Business Suite has been installed. As of now the server is running stable again.
    Too bad but I was left no alternative solution.
    The support could not help me.
     
  18. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Simple, as soon as people experience this they uninstall the software so ESET cannot gather the required info.
     
  19. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    If anyone who is experiencing this problem has a Hewlett-Packard ProLiant DL380 G6 series server with a P212, P410, P410i, P411, P712m or P812 Smart Array card present, can they please check to see if this firmware has been installed yet? Thank you.

    Regards,

    Aryeh Goretsky
     
  20. glitch

    glitch Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    127
    I'm sorry to say but this is taking so much time for ESET. You can't tell me that somebody in the ESET testing office took the liberty to install Windows 2008 themselves and test the software. We only install V3 on all Windows 2008 machines as this is not causing any problems. But it is taking a while now before ESET gives in with a solution to actually track down this bug themselves.
     
  21. glitch

    glitch Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    127
    I disagree partly with this. If the experience with the software in the PAST was good then customers tend to keep it but only if there is a solution to solve the problem. We also deliver software and we can't ask our customer to track down the bugs for us. As there are valid testing procedure like Tmap and such but also just random testing methods, ESET should also have these (and I guess they have). As this problems seems to occure when someone installs a Windows 2008 server from scratch and then install Eset V4.X and as it seems this happens in 95% of all cases then this is a fairly easy bug to track down (not customer specific) thus ESET should take the liberty to track it down in their office by doing a few installs them selves (I can't imagine they didn't).

    Just a quick question though: What happens if a customer has a SLA with ESET and experienced this bug?
     
  22. marley1

    marley1 Registered Member

    Joined:
    Mar 13, 2009
    Posts:
    30
    I am actually looking at Vipre Antivirus right now, and this looks to be very promissing, cheaper price as a reseller for both the home and the corporate..
     
  23. glitch

    glitch Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    127
    Promissing yes but we have tested it and the results are fairly poor so not in the same league as ESET NOD32. Only advantage that they have is that they don't lock windows 2008 servers :D
     
  24. marley1

    marley1 Registered Member

    Joined:
    Mar 13, 2009
    Posts:
    30
    What results? So far from my results, seems like it uses less resources then ESET, costs are lower (it seems), scanning seems good, management seems good.

    What tests didn't work good?
     
  25. glitch

    glitch Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    127
    Detection! update sizes etc.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.