NOD32 v5 is horribly broken (at least for me)

Discussion in 'ESET NOD32 Antivirus' started by orclev, Sep 18, 2011.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    Here is what I did now:

    Setup a windows XP SP3 machine.
    Updated fully patched
    installed TC and encrypted drive
    Installed Eset Nod32 V5
    booted and successfully mounted my 1TB drive with no issues.

    This is a clean machine with nothing but Eset and TC installed. Maybe your install is botched. Try uninstalling and removing ALL Eset related files that may be left over after and than reinstalling Eset. Sometimes this may fix the issue. (Something may be left after uninstall that's causing the issue. I had a similar issue a while back with Avast! where I had to do this or the install reported a corrupt dll and caused a BSOD).

    I hope it works. Good luck
     
  2. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I'm not a moderator, but I know that if you submit a support ticket, you have to enter your OS and what Eset product you are using and then provide details in a comment section. So, Eset does know that you are using XP. I submitted a support ticket yesterday. If they respond with an ftp link for me, I will consider that to be for me only and not for the world. That's just logical. Did you try that eamonm.sys file? Maybe it would do nothing or maybe it would solve a problem. If it is only for Windows 7, it is unlikely to load in XP, and nothing will happen.
     
    Last edited: Oct 2, 2011
  3. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Thank you for doing that x942, but this still doesn't prove anything. The question is, are you running System Encryption? Do you know what that is before we go on?
    Loading an encrypted drive is not a big deal. System Encryption is a different animal because your main OS drive is also encrypted. The Truecrypt driver is always loaded. It needs to be because it handles all data reads and writes on-the-fly (In memory). Everything that happens in a windows session is handled by the Ttruecrypt driver because the data on a "system encrypted drive" can only be read by the Truecrypt driver. That's also why you can't just boot into safe mode if you need to replace the Nod32 sys driver. Because there is no Truecrypt driver in safe mode to read an encrypted system drive. (this is by design for added security) So to replace this Nod32 driver, would require a user to decrypt the entire drive. we're talking hours...and hours. Which is why they should have an installer specific to users of TC, if they can't fix the problem inside the installer itself. Nod32 doesn't seem to want to play nice with the Truecrypt driver. Take a look at what other TC users (running system encryption) are saying across the boards.


    Well I did specify that in my message to them, but honestly, their ESET Inspector application generates a massive log file, and I looked tough it. If they can't tell I'm on XP from that log, I don't know what to say. The log was very..very...very detailed.


    I didn't see it as a personal link because the URL/URI didn't have any special numbers attached to it, as though it was specific to my case. It was just a generic link, the same one that many others are sharing all across the boards.


    Yes, I just replaced the "eamon.sys" with the new "eamonm.sys" they sent me. It didn't work, the program loaded with an error that said "There is a critical error" so I put the old driver file back. I'm not surprised that it didn't recognize the sys file ESET sent me. Because the name of the file is different than what their instructions say in my email. I need the correct file...lol. This is beginning to be more work than it's worth. Not to mention if they "Do Not" include a fix in the next client release, ...what am I suppose to, decrypt my entire OS drive just to put their software on? Because you can't boot into safe mode with System Encryption if you need to replace this driver file. And as far as what someone here said about just disabling the service, I thought one of the features of this Nod32v5 was that it can't be disabled from the service applet. I mean if it could a virus could do that to also then ..you know what I mean. I hope they release a special version for Truecrypt users if they find that they can't fix it. For now, I'll keep using v4
     
    Last edited: Oct 2, 2011
  4. x942

    x942 Guest

    i have said multiple times including in the text you just quoted I am using FDE. Normally PGP but for this test I used TC. (Also why are you trying to lecture me on FDE? read the majority of the posts I make; they are almost all about encryption LOL)

    I said
    Anyways, I have setup the computer to spec with what you have shared and do NOT have any issues.

    Windows XP SP3
    FDE TC

    No issues with booting or mounting or anything. I have no lag nothing.

    Can you tell me anything else about your system? Maybe something else is at play here.
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    The ESET Service cannot be stopped, unless self-defense or the entire HIPS feature is disabled first.
    The realtime driver possibly can be prevented from starting automatically in Advanced options.
     
  6. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Yes, the realtime driver can be prevented from starting automatically. IF that is done, then NOD32 is disabled until you re-enable it manually. Windows may complain that your computer is not protected, though you can change that setting if you are using the security panel in Windows. NOD32 will still show the "red" tray icon. Some things that did not work properly at boot may now work if automatic starting is disabled. This not a real fix.
     
  7. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Ok, what's with the attitude?
    I asked if you knew what "System Encryption" was in order to eliminate any misunderstanding. I don't know you, how do I know what you do or don't know? My apologies.

    Once again, I don't think you understand what "System Encryption" is. FDE = Full Disk Encryption.. all that means is the entire disk is encrypted. System Encryption means the "primary operating system drive" is encrypted and the Truecrypt On-The-Fly driver is translating read and writes to and from the OS. This takes many hours to set up, and your test results came too quick for that. I would post a link to this System Encryption section of the Truecrypt documentation but it would probably be removed as my other link was. There is nothing on the System Encryption doc page that says anything about FDE. System Encryption is the term used at the TC site and one that most people recognize in regard to the driver that handles read/write translation. FDE = Full Disk Encryption. ...not the same thing.

    Anyway, ESET told me on the phone today to exclude the Truecrypt program directory. I did and it made no difference.
    They escalated me to level 3 and I explained all this to the support staff so we'll see what comes of it.
     
    Last edited: Oct 3, 2011
  8. x942

    x942 Guest

    1) There was no attitude. It was intended as a joke (hence the LOL at the end).

    2) System Encryption is a form of FDE. I assumed you would understand that as that is what we were talking about. Also if you read these forums you would notice almost every post saying FDE is discussing system encryption, sorry for sticking with the apparent norm here.


    3) I was only trying to help by replicating the problem. You are insistent it is Eset and not anything else. I have set up my laptop in the exact same way as you (from what you have told me) and cannot reproduce this issue. As I said try removing Eset completely - Uninstall it and remove any and all folders and temp files from it. Then reinstall. This COULD fix it. I had the same issue with Avast! a while back and this worked.

    If the above doesn't work then something else may be conflicting with Eset and causing the lag. What programs do you have running?

    EDIT:
    Also to note PGP Calls it Whole Disk Encryption regardless of system drive or non-system drive. So guess I'm not the only one.
     
  9. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    So there are no issues after disabling the "start realtime protection automatically" and a normal reboot?
    If you replace the file eamon.sys driver, enable the autostart of the driver and then reboot, the problem is fixed?
     
  10. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I never said that. I was never sent an 'eamon.sys" file. I do have a support ticket in place now and will follow the steps in that rather than commenting more on someone else's problem, since I don't use disk encryption myself.

    Added: I finally uninstalled ver 5.0.93 until there is an update that addresses the USB issue and other problems. I reinstalled 4.2.71.2 and it seems to be working fine and the system is stable (cross fingers).

    I am sure that the issues that some users are having will be addressed eventually. Support has told me I will be advised.
     
    Last edited: Oct 4, 2011
  11. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Interesing you say that rcdailey,
    because I also was never sent this file. Instead they sent me a file called "'eamonm.sys" ...with an extra "m" in the file name

    what's even more amazing is the fact that I asked two different Level2 support members what this file is and they have no idea. The URL link they sent me also has the extra "m" in the name/path. I can only guess that both the URL address and the file name have typos. Maybe I can just rename the file by removing the "m" I'm going to try this when I get home.
     
  12. x942

    x942 Guest

    The file is the system monitor driver for Eset. For more details:

    http://www.computerhope.com/cgi-bin/process.pl?p=eamon.sys

    There is only supposed to be one m.
     
  13. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    x942, I do realize that, thank you though. ( as I said I do have this file just to confirm).

    However, The file that ESET sent me as a replacement for that file you mentioned is named "'eamonm.sys" ...note the extra (m) in the file name. There is no file on my system called ("'eamonm.sys"). there is one called ("'eamon.sys") however. So the next question is, what is "'eamonm.sys"? Eset can't seem to explain it, and even after talking to their level 3 support, I never got an email back from them with an answer. Now they just released v5.0.94.0, but no mention of freezing issues or Truecrypt in the change log: The next ticket I send them will have 100 links to all the posts from TC users across the net.


    October 4, 2011 - 5.0.94.0
    Changelog for ESET Smart Security and ESET NOD32 Antivirus
    --------------
    Fix: Parental control has issues with displaying of user accounts within Windows 7
    Fix: too many redundant logs within parental control reports
    Fix: issues with installation on other than default location
    Fix: issues with re-activation of product in a case of no internet connection
     
    Last edited: Oct 5, 2011
  14. x942

    x942 Guest

    Very interesting. Try renaming the driver to drop the "m" and replace the driver (Back up first). If it is from Eset it won't be malware or anything. Worse case you will need to get into safe mode and replace the original.
     
  15. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Well I called Eset again today, the guy was talking to his manager, he said the file they sent me was named correct, it's a special isolated driver. Anyway, it's not working. Also, the instructions in the email were wrong, they said to put this in the system32 directory.
    It actually goes in the System32/drivers folder. But anyway, the program just loads with an error, so I replaced the old driver.

    I just upgraded to the new Nod32...x.x.x94 and tried to mount a fully encrypted TC drive, "I don't have system encryption" running on this 2nd computer. Same thing, the system froze and I had to hit the power. This is a completely different computer also running Truecrypt 7.1

    Apparently, Eset is looking into this matter, it's been escalated up higher... maybe up to the moon..lol.
     
  16. x942

    x942 Guest

    Lol very strange.
     
  17. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Well X942, you're last response above .. was in October 8th. It's over one month, still nothing from ESET about this freezing. I Just had my sister in California remove v5 from my nieces new laptop, it's freezing her system as well. I sent her v.4.67.10, No issues with v4. I also removed it from my dad's computer which was also freezing. All these computers have different hardware and are running WinXP Pro spk3, except for my nieces computer which has Win7.

    I sent ESET a follow-up email last week to see what kind of progress they made, no response. Doesn't look like they have a fix for this ..still.
     
  18. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Qu?bec, Canada
    stop e-mailed and phone to customer care
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please refer to this KB article.
     
  20. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    So far so good, Thanks for that link Marcos!
    I also just upgraded to the latest official 5.0.95. The installer at your link as well as this new offical release seems to have addressed this freezes.
    Although my issue was not USB related, it seems to have fixed the TrueCrypt mounting issue!

    Thanks!
     
  21. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    So is anybody successfully installing over the top of v4 or is that explicitly to be avoided?

    Seems that advice has always been present with every update.. however installing over the top has always been fine.....
    Just wondering if going to a whole new # version "v4 vs v5" if its a problem?

    I hate to reset all my settings... too bad there is not a backup.. but I suppose that wouldn't work if the new version is too different/
     
  22. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    ok... I went ahead and installed the latest v5 and it gives me an authentication error.

    I uninstalled my v4 first, rebooted etc.

    Wow.... I thought this issue was resolved?
     
  23. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    No one replied and I couldn't get v5 activated....
    Had to go back to v4... no problems with activation with v4.

    I'm rather frustrated I wasted 2 hours uninstalling v4, installing v5, uninstalling v5 again and reinstalling v4.

    Feeling like a beta tester... don't know what the problem was but my system runs perfect.. until I tried to activate v5.

    I don't expect I'll give v5 another chance...... I don't need the hassle.
     
  24. locked_mountain

    locked_mountain Registered Member

    Joined:
    Sep 17, 2011
    Posts:
    18
    Welcome to the club. After sending 4 ticket support requests, and receiving totally unrelated responses back, they did not answer my direct question, I told them where to go. I'm convinced they have automated responses 99% of the time. My software is due for updating in January. I recommend Nod32 to all my customers I build systems for. I'm really starting to second guess if this is the path I want to continue on.

    windstrings, as far as authentication is concerned;
    I "also" get this authentication error on all computers running Nod32, these are all different authentication passwords for my family members. However, although I get the red icon, if I click the Update virus signature database link in the "Update screen", it updates the definitions fine and the program icon then turns back to green and everything is fine. Have you tried clicking that? I know how you feel though, I can't imagine this stuff wouldn't be happening to the ESET developers also. They must be testing on really...stripped down systems with like nothing running in regards to software.

    I think ESET is a little behind when it comes to databases in general. The reason I say that is because when you change your personal email address, (the one you have registered with them) you have to call them on the phone rather then simply logging into your account at their site and update it. Someone on the phone at ESET a while back said that their email database is not that advanced to allow users to update their email address. I'm assuming they have not evolved to a well implemented authentication system in their software/signature database either.
     
    Last edited: Dec 18, 2011
  25. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Thanks but V4 works great and its fast.... why mess with being a beta tester when I don't have to?

    I'll just keep v4 on for now till till more bugs get worked out of 5.

    When I didn't get any responses, I didn't have time to wait forever so thats my solution...

    I"m not willing to go through the hassle of what I already did once.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.