16 bit application no longer works after ESET install

We have a legacy 16-bit application. After installing ESET 4.0.467.0 it now produces a NTVDM hard error.

The system is a 32 bit windows 2003 sp2 build 3790. It is a virtual machine on vsphere 4.1

Previously this system had Trend Officescan installed and the 16-bit app was working. The only difference is ESET vs Trend.

temporarily disabling eset A/V has no effect.
temporarily disabling the personal firewall has no effect.
the application is launched from a mapped network drive. However, running it from a local drive makes no difference. Also, running it in any of the compatibilty modes has no effect.
installing MS recommended hotfix for this error had no effect. (WindowsServer2003-KB937932)

I ran procmon on both the trend version and the ESET version. It appears that the app crashes when it attempts to call winsock.dll



Virus signature database: 6226 (20110621)
Update module: 1031 (20091029)
Antivirus and antispyware scanner module: 1300 (20110517)
Advanced heuristics module: 1118 (20110419)
Archive support module: 1133 (20110614)
Cleaner module: 1051 (20110420)
Anti-Stealth support module: 1024 (20101227)
Personal firewall module: 1064 (20110215)
Antispam module: 1016 (2010120
SysInspector module: 1220 (20110517)
Self-defense support module : 1018 (20100812)

 

did you try the latest Eset version and also excluding that app?

 

I just noticed that the version I'm using is not anywhere near the latest version. I'll update and try again.

 

upgrade to the latest version of ESET (uninstall, re-install, import settings)

Same result. NTVDM encountered a hard error.

 

Hi,

So now you have v4.2.71 and the problem persists. I see you're running 2003 Server on that VM, are you running ESET Smart Security on a Server OS?

It would be best to only run ESET NOD32 Antivirus and apply the following recommended server settings:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
http://support.microsoft.com/kb/822158

Additionally, you may also try by adding your app to exclusions in ESET NOD32:

Search Tips
How do I exclude certain files or folders from Real-time scanning?

 

Thanks for the recommendations for server settings. This particular 16 bit application is the only one still in existence and is not very actively used by our end users. We have a work around where the users are running the app on a server that still has the Trend A/V on it.
Also, you can't exclude a specific 16 bit application but rather the NTVDM.EXE that runs 16 bit applications. This was done with the same results. I suspect it has something to do with the 16 bit sql server drivers that this application uses.

 

Hello,

Given the age of the program (Windows 3.1-era?) it is possible the program is performing an operation that either behaves unexpectedly or conflicts with ESET's software in some fashion. From what I recall, performing socket operations was somewhat exotic in that era.

You may want to contact your local ESET distributor or office and open a ticket with their support department to take a look at the procmon log.

Regards,

Aryeh Goretsky