AV 4 refuses to get current updates

Just noticed tonite that my AV signatures are dated March 30th. But today is April 13th. Yet Nod says these are current. And when I click update, it looks like it is going to get an update and tehn just comes back says my signatures are up to date. BUT neither the signature number nor the signature date do not change.

My account is current exp date in 2013. This is happening on at least 2 machines. The second one I jsut checked thinks that the AV sigs are current even with a date of March 27th.

No warning messages from Nod 32. No changes that here that should have caused a problem.

Any ideas on what has happened? And how to fix it?

thanks
Sam

 

This is most likely because of the staggered update. You can confirm this by enabling pre-release updates on one of the computers.

 

Marcos,

Thanks for your reply. I did the enable pre-release updates on this machine, but no joy at all.

It seems like Nod does not even try to "call home". I did reenter the account name & password (copied from the email that sent them). That has made no difference.

I'm really concerned that at least these two machines and maybe more are not running with updates any newer than March 30th or March 27th.

Guess I am lucky to have found this finally. I've counted on Nod32 to do its thing every time I tell it to manually update. And when it said "update now current"?, I seldom look at the actual sig number or date.

sam93

 

Please clean your update cache:http://kb.eset.com/esetkb/index?page=content&id=SOLN2134&actp=search&viewlocale=en_US&searchid=1302688923658

 

Hi,Marcos.Now I have problem with my update.When I update my signature it showed "Internet server error" or "the installed signature is current".Come on,ESET already got 6038 but I am still 6036.

 

As I wrote above, the update is being staggered for safety reasons and to protect our users from potential problems stemming from the engine transition.

 

Sorry,is not "internet server error" is "could not be updated" error message from just now until now. But if you said is staggered update,then i may wait for it to be stable update.

 

Marcos, that sounds like more that the 6038 staggered update to me.

Sam93, what is your virus signature version please?



Jim

 

Thanks for the replies. This does not sound like it is the staggered update issue. Apparently this has been happening for a while on both these machines. btw I update these manually about every other day. And have been using this approach for years.

On the main machine, the last update is March 30th #6001 20110330. The line above it says last successful update was made "3/30/2011". On the second machine, the last update is March 27th. It is not running right now, but when I looked at it earlier, it had an update number and date that matched for that date.

Functionally, it does not look like the AV is even going to the internet before it reports back that I have the latest update. Nod has always had the display error of saying it has the latest update even when its update was a week old. But it always went ahead and got me a new update.

system info: OS=W2k, AV Nod32, FW OutPost,
Sam93

 

It's most likely due to the staggered update. Try running a manual update in about 30 minutes when the engine 6038 should already be released for all users.

 

Marcos,

I can certainly try waiting and trying again. However, I don't see how the staggered update can have been affecting this since March 30th and March 27th.

I looked at the FW logs and I see that there are listings for "ekrn.exe" there are entries in the FW blocked log. That log only goes back to April 11th. the entries all seem to say the same thing.
"ekrn.exe OUT REFUSED TCP 140.99.99.103 81 Packet to closed port"

ekrn.exe is listed as a trusted application in the OutPost FW. So I do not know why it would be being blocked.

Sam93

 

Although I already have update 6038, clearing the update cache helps as it was slow, initially, for myself.

Note that the latter ESET KB is for illustrative purposes to show how to manually purge the update cache via the UI.

 

It's not the IP of any of ESET's servers. I assume that another application attempted to communicate with the server in question and the communication was blocked. Try updating in 5-10 minutes. Shouldn't it work, disable the firewall for a while and re-try to update.

 

6038 just installed for me.

 

Thanks for the suggestion. I turned off (disabled) the firewall and Nod32 updated correctly.

Puzzling? I had tried that earlier with no difference. I think the difference may have been that as suggested above I had enabled the pre-release updates and flushed the AV cache. And then when I disabled the Firewall the updates worked. Not sure there is a relationship there, but updates worked a few minutes ago. Signature version now 6039.

Now tomorrow I will try the updates with the FW turned on and see what happens.

If the trouble is still there, I guess I need to remove the AV from the trusted apps list and let the FW make a new set of rules for it? Curious that this happened on both these two machines. While they both have OutPost as the FW, this one runs the older version4 and the other one runs a newer version 6.73. And that looks to have happened 3 days before it happened to this machine?

thanks for the help. I'll post what I find when I test this more.

Sam93

 

Well the issue gets a bit more complex.

Today I was able to update the second machine without changing anything. The problem just seems to have disappeared?

Nod32 updated without my having to enable//allow pre0release updates or clearing the cache. And did so without my having to turn off the firewall.

Good news. But what was happening? And while this may not have happened exactly on either the 30th or 27th which were the last update dates for machine 1 & 2 respectively. I had done manual updates multiple times since then. I just had not noticed that they had failed to get the updated AV signatures. So the problem had been around for a while. I'm pretty sure that at least both machines were manually updated on April 2nd & 4th. And certainly more times after that. Just not sure whether it was every day or every third day during that time.

So any ideas on what might have been happening during the time from April 2nd thru April 13th? & did anyone else notice this or other issues?

thanks again for the help on this.
Sam93