Bad signature update?

Discussion in 'ESET NOD32 Antivirus' started by CScott, Jun 14, 2011.

Thread Status:
Not open for further replies.
  1. CScott

    CScott Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    5
    Hi

    This morning we are seeing a lot of our servers all grinding to a halt with high cpu usage, of course all servers are running ESET Antivirus.

    possible signature problem?

    Thanks
     
  2. queeg505

    queeg505 Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    6
    Yep same here!
     
  3. CScott

    CScott Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    5
    Do the machines with the issue have V3.0.695 installed?
     
  4. queeg505

    queeg505 Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    6
    No mainly 4.2.71.2 and 4.2.67.10 I guess its the atial signature file thats at fault
     
  5. CScott

    CScott Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    5
    OK, we have a range of versions out in the field, but at the moment our common theme is windows SBS servers (2003 and 2008 ) with version 3.0.695 and signature version 6204 and 6205

    However we have seen a couple workstations with the issue, but mainly its the servers that are the problem

    Its a fast moving situation here thou! may all change
     
  6. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    problem with 6205 antivrus update. Eset support prmised 6206 update with bugfix. 500 PC with nod32 hanged up over 6 hours, thank you eset, again/
     
  7. queeg505

    queeg505 Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    6
    yes I too have a number of sites and they are a combo of SBS 2003, SBS 2008, SBS2011, Server 2003 & Server 2008.

    Most servers are using 90-99% of CPU for ekrn process, some at 75% and a couple at 50%
     
  8. queeg505

    queeg505 Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    6
    Well the 6206 update is out, however it only releases the CPU load on a server reboot, so well done for making us have to reboot servers during a working day!!! grrrr
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Instead of rebooting the server, try running this tool.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're about to roll back to the previous archive module build, however, we will highly appreciate if you could generate an application dump of ekrn or a complete memory dump from the moment the system is sluggish or unresponsive and convey it to us for perusal.
     
  11. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    6206 update and fix help to reduce CPU usage on 15-20 minutes, after that CPU usage change again to 100 %
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The issue occurs when NSIS archives are scanned and you have a scanner using non-default settings (in particular, when the "Scan all files" option is unticked).

    The easiest solution is to enable that check box for all scanners and restart the computer. If you have a server affected that you cannot afford to restart, let me know. We have a solution ready for such cases as well.
     
  13. mbroughton

    mbroughton Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    1
    Finding the same here. +300 Windows desktops (Win7 Vista and XP) now running 6206 and have been restarted. 15-20 mins after reboot ekrn.exe absorbs all the CPU and system is too slow to use.

    Apple Mac machines running ESET on 6205 or 6206 are running fine.

    I can confirm that under File System Filter / Setup / Scan local disk = "YES" & Scan Network disks = "NO"

    Windows using: 4.2.71.2; Macs using: 4.0.62.0
     
  14. Nick0

    Nick0 Registered Member

    Joined:
    Feb 18, 2010
    Posts:
    32
    This is not the setting Marcos was refering too.

    Please open your Eset software
    Press F5
    Choose "Real time file system protection"
    Click Setup
    Click Extentions
    Then TICK "Scan all files"
     
  15. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    In ERA all checkbox in file system scan are active. Why this issue didn't occured before 6205 update? We waiting appropriate rollback.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In ERA, you can configure real-time protection to scan all files as follows:
     

    Attached Files:

  17. CScott

    CScott Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    5
    While I know these signature issues are uncommon, they are frustrating when they occur. How about an option in future versions of ESET to roll back a signature version or 2 while the issue is resolved?
     
  18. mladen

    mladen Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    45
    Location:
    Croatia
    Why should we now include all files in scan when you recommended some time ago that this option should be unchecked?

    BTW, several PCs in my company had this problem this morning and it looked like the 6206 database version solved this. However, my PC (and I did not have that problem) now have ekrn.exe around 97-99% , opening web pages has become much slower that before (Google Chorme 12 and IE :cool:. Also, accessing network drives has become slower than before 6206.

    NOD32 is 4.2.71 on Windows XP service pack 3 PCs.
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This has nothing with signatures, the problem is related purely to the archive module.
     
  20. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    Option checked. ekrn.exe is still warming our CPUes after 15 minutes fix_update.exe execution. All PCs have 6206 update. Now i'm run fix_update in batch remote execution mode. No solution today?
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you applied the setting to scan all files remotely via ERAS, I'd suggest making sure that it was actually properly applied on a target computer that is still experiencing the issue.
    If the computer was already sluggish, a subsequent restart or running the fix tool must have eventually fixed it. If you wish, you can send me settings from such a client and I'll have a look at them to make sure all scanners are set to scan all files.
     
  22. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    private messaging notworkig now forum said
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The problem has eventually been solved with the archive module 1132. Should you still experience issues, please let us know.

    We also encourage you to use default file extension settings (ie. "Scan all files" box ticked) which will remove the security whole when not all files are scanned for malware.
     
  24. anvarich

    anvarich Registered Member

    Joined:
    Jun 14, 2011
    Posts:
    6
    Which version of NOD BE must be for this archive module ? we have 4.2.71.3 with archive module 1130.
     
  25. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    All versions >2.7 will get this module. If you are using a mirror make sure to update that too.
     
Thread Status:
Not open for further replies.