A few NOD32 questions

Discussion in 'ESET NOD32 Antivirus' started by Allis, Aug 20, 2010.

Thread Status:
Not open for further replies.
  1. Allis

    Allis Registered Member

    Joined:
    Aug 20, 2010
    Posts:
    3
    Hi everyone,

    I'm looking for a new anti-virus solution to cover my home computers and up until now have been using Microsoft Security Essentials, however on my older Pentium 4 system running Windows XP I find that it drags the system to its knees. I'm pretty sure that I'll be going with ESET's NOD32 Antivirus, however I've got a few questions that perhaps you folks can answer:

    1. I've used NOD32 in the past on a 64-bit Windows Vista system with 4 GB of RAM and experienced random lockups and STOP errors, these mostly occurred on resume from sleep/hibernate and on login that were caused by NOD32's driver (I believe I was running v3) - have the issues with 64-bit Windows and NOD32 been resolved so that these crashes and hangs no longer occur?

    2. Does NOD32 conflict with any of Windows' built-in features, networking, etc? I've had a lot of issues with other security products in the past in this regard.

    3. How efficient is NOD32 in terms of memory and CPU usage, and how well does it scale to your hardware?

    4. Related to question #3, how does NOD32's CPU usage impact battery life on notebook computers?

    5. Is there any way to disable or hide the NOD32 tray icon while retaining most of the user interface functionality?

    Thanks!
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    My 2p....

    1. I've used Vista x64 and then Win7 x64, ever since Vista x64 was released to MSDN subscribers (September 2007?) and have never experienced this. Latterly I'm using Win 7 x64 on a Dell laptop with 8GB, and my laptop sleeps every night (not unusual to have nearly 1000 hours usage between reboots). Absolutely no issues. Using 4.2.58 of EAV BE.

    2. I'd say no, but others have found a few issues with downloads not completing. ESET are excellent at fixing bugs though, so issues tend to get resolved quickly.

    3. EKRN.exe is currently using 52MB RAM on my system (uptime 151 hours). CPU usage is negligible (but I do have "scan on open" and "scan on create" both disabled).

    4. I can't really comment. I have ESET running all the time so I've not tried the laptop without it.

    5. Not that I know of; others may know.



    Jim
     
  3. StevePA

    StevePA Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    12
    1. Like the last poster, I have not had any of your described problems with NOD 32 AntiVirus BE V3.0 nor V4.0. I have used AV for Home also on two PCs and also have not encountered any issues using full sleep and hibernation on Vista x64 SP2 and Windows 7 64-bit.

    2. The only conflicts I've encountered are with some VPN, mobile wireless or similar network software. In all cases, simply disabling SSL scanning or adding an exception has solved the problem.

    3. On Windows 7, 52MB is also my current usage for NOD32 AntiVirus.

    4. We now run NOD32 as standard issue on all our issued company laptops (ThinkPads). We have seen no noticeable battery life changes between AVG, MS Security Essentials and NOD32 BE V4.0.

    5. I do not know how to eliminate the systray icon, although the first thing that comes to mind is to use Windows 7 and configure this using Windows 7 systray manager. :)

    Our only problems in 2 years of using NOD32 AV have been the occasional files that consume too much CPU time or otherwise throw the scanner for a loop. These are usually addressed by submitting the samples and being patient.

    Hope this helps
     
  4. Allis

    Allis Registered Member

    Joined:
    Aug 20, 2010
    Posts:
    3
    Thanks for the answers guys. Here's another one -- how often does NOD32 conflict with Windows Update, e.g. what happened recently with one of the updates released on Aug 13?
     
  5. twichert

    twichert Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    14
    Location:
    Lansing, MI
    I've had similar experiences as the other two folks who replied. I'm running NOD32 4.x on about 350 machines (primarily web servers) with a multitude of different configurations.

    My exception is in response to question #1. Warning: I'm going to get a little long-winded (more than usual).

    While I have not experienced any of the BSOD or lockups on wake-up from sleeping or hibernation, I have had my share of BSODs due in part to NOD32. I have seen many crashdumps where windbg was pointing to eamon.sys as the likely culprit. However, that doesn't mean NOD32 is a bad product or that it's even to blame. The machines on which this has been a problem had *at least one* of the following traits:

    1) excessively high disk IO load
    2) filesystem corruption
    3) very high (>50%) file fragmentation on the most-frequently scanned volume

    I found that disabling anti-stealth worked around the issue in about 1/3rd of the cases, and disabling real-time scanning (:thumbd:) worked around the problem in the other 2/3rds. The *resolution* was to chkdsk /f, defrag, and add spindles to the box (usually with a 3+ disk hardware RAID5). So, not really NOD32's fault.

    Anti-stealth is a really neat feature, but I believe it is also the reason eamon.sys shows up in crashdumps so frequently. NOD32 scans files at several different layers of the filesystem to discover rootkit-like behavior. It does this by finding files and directories that appear on the disk but are filtered out ("hidden") by the time the information on the disk makes it through all the filesystem filter drivers to the Windows API. This means that NOD32 can sometimes use many disk IO requests to scan a single set of data. On a Windows instance with excessive disk IO already, I think NOD32 either causes disk IO to hit a tipping point, uses too much non-paged pool, or just starts tripping all over itself. Either way, the end result is a BSOD.

    However, I dare say that, although I don't like a BSOD, it is actually a better response than some of the alternatives. For one, it does not leave your system vulnerable. The last two versions of Kaspersky I used (KAV for Windows File Server 6.0 and KAV for Windows Server Enterprise Edition 6.0) had the annoying behavior of simply *shutting off* whenever disk IO became too high for it to cope. This meant that it was possible to infect a machine by spiking disk IOs up there into the 10s of thousands for a while, then throwing in whatever malware you wanted to execute amid all the noise. I did this in my lab, succeeded, and decided then to switch vendors.
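
The cross-view comparison twichert describes for anti-stealth, reduced to its core as an added example (not part of the original thread and not ESET's implementation): entries seen in a raw on-disk listing but absent from the Windows API listing are flagged, and only those flagged in every pass are kept, which is why the technique costs several rounds of disk IO. All paths and listings are constructed sample data, and the function names are hypothetical.

```python
from ntpath import normcase, normpath

# NTFS metadata files exist on disk but are never returned by the Windows API,
# so they must not be reported as "hidden".
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef", "$bitmap",
                 "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def _norm(path):
    """NTFS lookups are case-insensitive; fold case and separators."""
    return normcase(normpath(path))

def _is_metadata(norm_path):
    return any(part in NTFS_METADATA for part in norm_path.split("\\"))

def hidden_entries(raw_listing, api_listing):
    """Paths in the raw on-disk view that the API view does not show."""
    api = {_norm(p) for p in api_listing}
    found = {_norm(p) for p in raw_listing}
    return sorted(p for p in found if p not in api and not _is_metadata(p))

def confirmed_hidden(passes):
    """Intersect results over several (raw, api) passes.

    A file deleted or created between the raw read and the API read looks
    hidden in one pass only; a filtered (rootkit-style) entry stays hidden.
    """
    results = [set(hidden_entries(raw, api)) for raw, api in passes]
    return sorted(set.intersection(*results)) if results else []

# Constructed sample data: two passes over the same volume.
PASS1_RAW = [r"C:\$MFT", r"C:\$Extend\$UsnJrnl", r"C:\Data\report.docx",
             r"C:\Data\hidden_example.sys", r"C:\Temp\scratch.tmp"]
PASS1_API = ["c:/data/REPORT.docx"]            # scratch.tmp already deleted
PASS2_RAW = [r"C:\$MFT", r"C:\$Extend\$UsnJrnl", r"C:\Data\report.docx",
             r"C:\Data\hidden_example.sys"]
PASS2_API = [r"C:\Data\report.docx"]
PASSES = [(PASS1_RAW, PASS1_API), (PASS2_RAW, PASS2_API)]

if __name__ == "__main__":
    print("single pass :", hidden_entries(PASS1_RAW, PASS1_API))
    print("confirmed   :", confirmed_hidden(PASSES))
```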
     
  6. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Generally, my experience with NOD32 has been really positive. I would suggest that you try it out on your laptop first since they have an available trial version.
     
  7. xan K

    xan K Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    152
    Location:
    Dominican Republic
    I think NOD32 is a really, really mature antivirus and it's the perfect companion for Windows. Currently I'm running Windows 7 64 bit and NOD32 for almost 2 years (my 2-year license ends in November) and I haven't come across any problem caused by NOD32. Most of the time I even forget it's there, except for the times when it catches wild creatures. I would lie if I told you that it didn't cause me a bit of frustration in the past, before this subscription, but now every rough edge seems to be ironed out.
     
  8. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    I think this is the first time. But don't forget that AV vendors do not get to see the Windows Update files any quicker than you or I do. Microsoft releases them to the world at the same time. So ESET had no way of knowing there would be a problem. But give them their due, it was resolved within a day.

    And recall that other AV vendors (McAfee, Kaspersky) have released signature files which have quarantined critical Windows files and rendered systems unbootable.....


    Jim
     
  9. twichert

    twichert Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    14
    Location:
    Lansing, MI
    Yes, this. Also, some of the "fixes" I've received from other vendors have either not worked or been so poorly written that they would cause even more damage. Little, completely avoidable things, too, like assuming the system drive is always C: (which it should be, but...), when there's a perfectly good %SYSTEMDRIVE% environment variable you can use.
     
  10. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    I agree with kerykeion. Only way to really know is to run the trial, since everyone's mileage varies.
     