Beware of MS hotfixes KB2735855 and KB2750841

I noticed a recent problem which around the same time I did the TcpAckFrequency registry edit, I was noticing in task manager lsass.exe has been going high a little over 300,000K just wondering if that would have anything to do with it at all?

 

We've heard from Microsoft that they are working on a fix and it should be available soon.

 

Hi all,

I have noticed the problem of corrupt downloads but only using a tool called UPlay - essentially its a digital storefront and download client for games published by Ubisoft. What interests me is that every single download on UPlay results in corrupt files when NOD32 is enabled and yet similar platforms such as Steam from Valve and Origin from Electronic Arts do not exhibit the same behaviour. Does this mean that WFP is not part of the chain in their download processes? I have tested all 3 platforms with file sizes of several GBs and only the UPlay client results in corrupt downloads. It is fine when NOD32 is disabled.
I use Internet Download Manager within Firefox as well and I haven't noticed any corruption there either although I can't say I've done any type of testing.

 

Thanks for the update

 

There's an update that just came out, is it the fix? KB2762895

I need my fix! hehe

 

No, it will take at least 2 months until MS releases the fix.

 

Oh, a nasty way for MS to kick the competition below the belt.

 

Our company is a large ESET deployment, we are beta testing a real fix issued from ESET currently. Hopefully this issue will be resolved shortly.

 

Boy I sure hope so! There is nothing more aggravating then to d/l a 2GB file only to have it hang at 99% / 1% to complete...then "allegedly the d/l is complete"-- only to find that it is corrupt! Because of the intermittent nature of this bug sometimes it affects...yet other times it does not
My workaround has been to completely disable NOD before I start the d/l or even open a browser and that is something that should not be a factor to do at all...

 

There's no need to completely disable ESET. Either remove the two Microsoft KBs that also cause the issue or Open the ESET AV advanced tree and uncheck HTTP, HTTPS filtering.

That's the temporary work around until ESET issues a real fix for everyone. We plan on having our testing done this month. If everything goes well during our testing, ESET might release a fix next month.

 

Honestly I think this is the last straw for me with NOD32. I get that it's a Microsoft bug, but this is going on since September, and it seems like everytime I've had a quirky issue over the past year or more, it's always NOD32.

We're going to be getting Forefront for free as part of a Windows site-license agreement, and I think we're going to migrate to that. It's just not acceptable to have a serious bug such as this continue for months.

James

 

ESET has nothing to do with this bug and basically any security software utilizing Windows Filtering Platform and intervening in HTTP communication would be affected. Microsoft is testing a hotfix and it should be made available to the public by the beginning of 2013.

 

Marcos, I appreciate the reply and I'm not looking to turn this into an anti-NOD32 rant. We've used the product for 4+ years and been reasonably happy.

That said, when searching the web for this issue, virtually every reference has one thing in common: NOD32. Now that may because NOD32 does things to increase protection that other A/V software does not, and if that's the case then the correlation makes sense.

However, in reading this thread the impression ESET is giving IMO is that you've (not you personally, obviously) thrown your hands in the air and said it's not your problem. But ultimately it is: at default settings, NOD32 breaks core Windows functionality (i.e. downloading) and whether that bug is theirs or yours, there are a lot of us who are not going to start uninstalling MS patches to fix an interaction issue with a third-party package. So yes, I've disabled HTTP filtering for now and that seems to have resolved the download issue, but the whole situation doesn't sit well with me.

James

 

Any software merely utilizes API functions that Windows provides. If Windows itself is faulty and suffers from bugs affecting the functionality utilized by software vendors then the only way how to fix it is to force Microsoft to make a hotfix. In our company, we uninstalled the mentioned hotfixes on all computers until MS comes up with a final solution.

 

Unless you either turn off windows updates, or have a WSUS your suggestion of removing the microsoft is a peeing into the wind type solution.

Those users who've done as you suggest find the hotfixes auto reinstalled back into their machines weekly.

We globally turned off HTTP/HTTPS filtering and I endorsed my manager to consider ,moving to viper AV because of this issue.


Its been months now and frankly unless ESET or Microsoft produces a viable solution within the next 45 days. We will probably be taking our business elsewhere even thou we have another year of licensing with ESET.

 

Hi Marcos,

I am becoming increasingly unsatisfied as other customers in this forum.
ESET does not reply to paying customers about issues DIRECTLY related to their software.
I have been waiting for ESET to reply to me more than two weeks now!
What kind of support is this?

I have around 20 machines that are not able to reliably download even a 20 MB file witout running into file corruption. And it has been like this for a too long time. Like previous users I am considering about moving away from ESET unless this issue is resolved in a short time.

I think ESET should consider this situation very very seriously...

 

Please provide me with more detailed information which will help me track down the history of your ticket.

The only safe solution to this Windows' bug is to uninstall the appropriate hotfixes.

I can assure you that it's been taken seriously from the very first moment. Microsoft was contacted immediately and provided them with a minimalistic driver to demonstrate the bug in Windows Filtering Platform. Microsoft acknowledged the bug and promised to deliver a hotfix as soon as possible. As we've been told, MS is testing the hotfix and is planning to release it by the beginning of 2013.

 

Hi Marcos

 

Just to set the record straight....

My previous statement was not entirely accurate. The patch I mentioned above was issued by Microsoft. Hopefully there will be a official release within the next 60 days.

So far the preliminary results look promising.


Still this is a very debilitating condition to be in. The unofficial patch requires driver signing to be disabled and for a 64 bit OS installation this is unacceptable for widespread deployment in its current form.

 

would be wise to add a warning in the eset installer?
this is a huge bug, people wont know about at all if its hidden in a forum somewhere



btw i noticed this problem when i reinstalled windows 7 64-bit, i didnt have it before reinstall, weirdly enough
i was using a older eset endpoint antivirus version i belive

 

So I guess it was simply wishful thinking on my part that a fix might be forthcoming on January's "Black Tuesday Updates"...Sounds like the "beta" patch that you tried is certainly not what we had hoped for by disabling driver signing under a 64-bit OS which most endusers are running these days...

I am seriously thinking of finding an alternative after being a NOD user for geez almost 10 years! I can't tolerate any more corrupt downloads if I forget to disable NOD beforehand and then spend an inordinate amount of time re-downloading again which costs bandwidth in the whole scheme of things...

 

Googling for the hotfix names brings a lot of web pages with complaints related to various 3rd party software. In ESET, we've removed both hotfixes until MS comes up with a final solution. Both were meant to fix network performance issues but instead a new severe bug was introduced. Also one of the hotfixes turned out to improve performance worse than the previously known fix by editing a registry value.

 

Many vendors monitor at HTTP level but most of them do not have any issues with these two updates. It is odd that Eset should. I only suggest Eset finds a workaround for it's customers as of right now.

 

No disrespect intended but are all of the 3rd Party Vendors just throwing their arms up in the air and pointing to MS for some "fairy tale fix"?

Is this something that a 3rd Party Vendor can fix or is it handicapped because any potential fix involves proprietary code that only MS can touch?

This is not some "issue" that just cropped up after the December Black Tuesday Updates...It has been going on since September 25 ...3+ months!

The more time that passes it seems less likely that anyone is going to step up to the plate and produce a fix...since the clue-less enduser does not know what is corrupting his or her d/l and they just d/l again and again...albeit they are the fledgling endusers who never have a clue...and for that matter never will...

 

We made Microsoft aware of the issue on the MSDN forum on September 25.