16 bit application no longer works after ESET install

Discussion in 'ESET Smart Security' started by alwzn4vr, Jun 21, 2011.

Thread Status:
Not open for further replies.
  1. alwzn4vr

    alwzn4vr Registered Member

    Joined:
    Jun 21, 2011
    Posts:
    4
    We have a legacy 16-bit application. After installing ESET 4.0.467.0 it now produces a NTVDM hard error.

    The system is a 32 bit windows 2003 sp2 build 3790. It is a virtual machine on vsphere 4.1

    Previously this system had Trend Officescan installed and the 16-bit app was working. The only difference is ESET vs Trend.

    temporarily disabling eset A/V has no effect.
    temporarily disabling the personal firewall has no effect.
    the application is launched from a mapped network drive. However, running it from a local drive makes no difference. Also, running it in any of the compatibilty modes has no effect.
    installing MS recommended hotfix for this error had no effect. (WindowsServer2003-KB937932)

    I ran procmon on both the trend version and the ESET version. It appears that the app crashes when it attempts to call winsock.dll



    Virus signature database: 6226 (20110621)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1300 (20110517)
    Advanced heuristics module: 1118 (20110419)
    Archive support module: 1133 (20110614)
    Cleaner module: 1051 (20110420)
    Anti-Stealth support module: 1024 (20101227)
    Personal firewall module: 1064 (20110215)
    Antispam module: 1016 (2010120:cool:
    SysInspector module: 1220 (20110517)
    Self-defense support module : 1018 (20100812)
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    did you try the latest Eset version and also excluding that app?
     
  3. alwzn4vr

    alwzn4vr Registered Member

    Joined:
    Jun 21, 2011
    Posts:
    4
    I just noticed that the version I'm using is not anywhere near the latest version. I'll update and try again.
     
  4. alwzn4vr

    alwzn4vr Registered Member

    Joined:
    Jun 21, 2011
    Posts:
    4
    upgrade to the latest version of ESET (uninstall, re-install, import settings)

    Same result. NTVDM encountered a hard error.
     
  5. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    Hi,

    So now you have v4.2.71 and the problem persists. I see you're running 2003 Server on that VM, are you running ESET Smart Security on a Server OS?

    It would be best to only run ESET NOD32 Antivirus and apply the following recommended server settings:

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
    http://support.microsoft.com/kb/822158

    Additionally, you may also try by adding your app to exclusions in ESET NOD32:

    Search Tips
    How do I exclude certain files or folders from Real-time scanning?
     
  6. alwzn4vr

    alwzn4vr Registered Member

    Joined:
    Jun 21, 2011
    Posts:
    4


    Thanks for the recommendations for server settings. This particular 16 bit application is the only one still in existence and is not very actively used by our end users. We have a work around where the users are running the app on a server that still has the Trend A/V on it.
    Also, you can't exclude a specific 16 bit application but rather the NTVDM.EXE that runs 16 bit applications. This was done with the same results. I suspect it has something to do with the 16 bit sql server drivers that this application uses.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Given the age of the program (Windows 3.1-era?) it is possible the program is performing an operation that either behaves unexpectedly or conflicts with ESET's software in some fashion. From what I recall, performing socket operations was somewhat exotic in that era.

    You may want to contact your local ESET distributor or office and open a ticket with their support department to take a look at the procmon log.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.