Bad signature update?

Hi

This morning we are seeing a lot of our servers all grinding to a halt with high cpu usage, of course all servers are running ESET Antivirus.

possible signature problem?

Thanks

 

Yep same here!

 

Do the machines with the issue have V3.0.695 installed?

 

No mainly 4.2.71.2 and 4.2.67.10 I guess its the atial signature file thats at fault

 

OK, we have a range of versions out in the field, but at the moment our common theme is windows SBS servers (2003 and 2008 ) with version 3.0.695 and signature version 6204 and 6205

However we have seen a couple workstations with the issue, but mainly its the servers that are the problem

Its a fast moving situation here thou! may all change

 

problem with 6205 antivrus update. Eset support prmised 6206 update with bugfix. 500 PC with nod32 hanged up over 6 hours, thank you eset, again/

 

yes I too have a number of sites and they are a combo of SBS 2003, SBS 2008, SBS2011, Server 2003 & Server 2008.

Most servers are using 90-99% of CPU for ekrn process, some at 75% and a couple at 50%

 

Well the 6206 update is out, however it only releases the CPU load on a server reboot, so well done for making us have to reboot servers during a working day!!! grrrr

 

Instead of rebooting the server, try running this tool.

 

We're about to roll back to the previous archive module build, however, we will highly appreciate if you could generate an application dump of ekrn or a complete memory dump from the moment the system is sluggish or unresponsive and convey it to us for perusal.

 

6206 update and fix help to reduce CPU usage on 15-20 minutes, after that CPU usage change again to 100 %

 

The issue occurs when NSIS archives are scanned and you have a scanner using non-default settings (in particular, when the "Scan all files" option is unticked).

The easiest solution is to enable that check box for all scanners and restart the computer. If you have a server affected that you cannot afford to restart, let me know. We have a solution ready for such cases as well.

 

Finding the same here. +300 Windows desktops (Win7 Vista and XP) now running 6206 and have been restarted. 15-20 mins after reboot ekrn.exe absorbs all the CPU and system is too slow to use.

Apple Mac machines running ESET on 6205 or 6206 are running fine.

I can confirm that under File System Filter / Setup / Scan local disk = "YES" & Scan Network disks = "NO"

Windows using: 4.2.71.2; Macs using: 4.0.62.0

 

This is not the setting Marcos was refering too.

Please open your Eset software
Press F5
Choose "Real time file system protection"
Click Setup
Click Extentions
Then TICK "Scan all files"

 

In ERA all checkbox in file system scan are active. Why this issue didn't occured before 6205 update? We waiting appropriate rollback.

 

In ERA, you can configure real-time protection to scan all files as follows:

 

While I know these signature issues are uncommon, they are frustrating when they occur. How about an option in future versions of ESET to roll back a signature version or 2 while the issue is resolved?

 

Why should we now include all files in scan when you recommended some time ago that this option should be unchecked?

BTW, several PCs in my company had this problem this morning and it looked like the 6206 database version solved this. However, my PC (and I did not have that problem) now have ekrn.exe around 97-99% , opening web pages has become much slower that before (Google Chorme 12 and IE . Also, accessing network drives has become slower than before 6206.

NOD32 is 4.2.71 on Windows XP service pack 3 PCs.

 

This has nothing with signatures, the problem is related purely to the archive module.

 

Option checked. ekrn.exe is still warming our CPUes after 15 minutes fix_update.exe execution. All PCs have 6206 update. Now i'm run fix_update in batch remote execution mode. No solution today?

 

If you applied the setting to scan all files remotely via ERAS, I'd suggest making sure that it was actually properly applied on a target computer that is still experiencing the issue.
If the computer was already sluggish, a subsequent restart or running the fix tool must have eventually fixed it. If you wish, you can send me settings from such a client and I'll have a look at them to make sure all scanners are set to scan all files.

 

private messaging notworkig now forum said

 

The problem has eventually been solved with the archive module 1132. Should you still experience issues, please let us know.

We also encourage you to use default file extension settings (ie. "Scan all files" box ticked) which will remove the security whole when not all files are scanned for malware.

 

Which version of NOD BE must be for this archive module ? we have 4.2.71.3 with archive module 1130.

 

All versions >2.7 will get this module. If you are using a mirror make sure to update that too.