4.2.71.2 - User opens browsers, no connection, reboot fixes it?

Discussion in 'ESET NOD32 Antivirus' started by grdotnet, Oct 24, 2011.

Thread Status:
Not open for further replies.
  1. grdotnet

    grdotnet Registered Member

    Joined:
    Sep 2, 2010
    Posts:
    9
    Hello,

    We're using 4.2.71.2 clients on Win XP SP3 for our public computers. We've been getting widespread reports of users that open a web browser and it appears as if they don't have a connection to the Internet. Pings to the web servers in question return fine and the site is proven to be up by using another workstation. A reboot fixes this every time. I'm suspecting the HTTP filter has stopped working in EAV - a problem we used to have very rarely and are now having several times daily. Does anyone have any experience with the HTTP filter failing?

    Thanks,

    Greg
     
  2. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello Greg,

    That is indeed an unusual behavior. Are you sure the machine is free of malware? When did this problem start?

    Please do the following:

    1. Open the GUI for the client, then in the bottom left corner make sure it's displaying advanced mode.

    2. In the top right, click Help > About.

    3. Take a screenshot of the window that opens. Paste the screenshot of that window to your reply so we can see what module versions the product has. Also, by chance, did you happen to try an uninstall/reinstall of one of the problematic machines to see if that corrects the issue?

    Thanks,

    Matt
     
  3. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Greg - Yes, we have seen this happen at times. Back on version 4.0.437 we used to have it happen on a couple of machines a week, always generating a call from the users. However, since moving on to 4.2, I haven't seen this in quite some time now.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please paste here the outcome of running "sc query epfwtdir". One of the possibilities is that ekrn got into an improper state; in this case we'd need you to generate a complete application memory dump using Process Dump (created after running "procdump -ma ekrn").
     
  5. grdotnet

    grdotnet Registered Member

    Joined:
    Sep 2, 2010
    Posts:
    9
    Hey guys,

    Sorry for the delayed response. I was out of town and one of our other techs was able to pull this info together:

    Here is the output from "sc query epfwtdir":

    SERVICE_NAME: epfwtdir
    TYPE : 1 KERNEL_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    I've installed the process dump program but when I run it I get this: "Error opening ekrn.exe (1704): Access is denied."
     
