Beware of MS hotfixes KB2735855 and KB2750841

Discussion in 'ESET NOD32 Antivirus' started by Marcos, Sep 25, 2012.

  1. Bones81

    Bones81 Registered Member

    Joined:
    Nov 12, 2012
    Posts:
    17
    I noticed a recent problem around the same time I did the TcpAckFrequency registry edit: in Task Manager, lsass.exe has been going high, a little over 300,000K. Just wondering if that would have anything to do with it at all?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    We've heard from Microsoft that they are working on a fix and it should be available soon.
     
  3. davisr_uk

    davisr_uk Registered Member

    Joined:
    Nov 27, 2012
    Posts:
    1
    Location:
    UK
    Hi all,

    I have noticed the problem of corrupt downloads but only using a tool called UPlay - essentially it's a digital storefront and download client for games published by Ubisoft. What interests me is that every single download on UPlay results in corrupt files when NOD32 is enabled and yet similar platforms such as Steam from Valve and Origin from Electronic Arts do not exhibit the same behaviour. Does this mean that WFP is not part of the chain in their download processes? I have tested all 3 platforms with file sizes of several GBs and only the UPlay client results in corrupt downloads. It is fine when NOD32 is disabled.
    I use Internet Download Manager within Firefox as well and I haven't noticed any corruption there either although I can't say I've done any type of testing.
     
  4. bulldozerlf

    bulldozerlf Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    3
    Location:
    U.K
    Thanks for the update
     
  5. Bones81

    Bones81 Registered Member

    Joined:
    Nov 12, 2012
    Posts:
    17
    There's an update that just came out, is it the fix? KB2762895

    I need my fix! hehe o_O
     
    Last edited: Nov 27, 2012
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    No, it will take at least 2 months until MS releases the fix.
     
  7. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    Oh, a nasty way for MS to kick the competition below the belt. o_O
     
  8. mackintire

    mackintire Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    9
    Location:
    USA
    Our company is a large ESET deployment, we are beta testing a real fix issued from ESET currently. Hopefully this issue will be resolved shortly.
     
  9. SaphireX

    SaphireX Registered Member

    Joined:
    Jul 29, 2004
    Posts:
    84
    Boy I sure hope so! There is nothing more aggravating than to d/l a 2GB file only to have it hang at 99% / 1% to complete...then "allegedly the d/l is complete"-- only to find that it is corrupt! Because of the intermittent nature of this bug sometimes it affects...yet other times it does not.
    My workaround has been to completely disable NOD before I start the d/l or even open a browser and that is something that should not be a factor to do at all...
     
  10. mackintire

    mackintire Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    9
    Location:
    USA
    There's no need to completely disable ESET. Either remove the two Microsoft KBs that also cause the issue or open the ESET AV advanced tree and uncheck HTTP, HTTPS filtering.

    That's the temporary workaround until ESET issues a real fix for everyone. We plan on having our testing done this month. If everything goes well during our testing, ESET might release a fix next month.
     
  11. jprudente

    jprudente Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    29
    Honestly I think this is the last straw for me with NOD32. I get that it's a Microsoft bug, but this has been going on since September, and it seems like every time I've had a quirky issue over the past year or more, it's always NOD32.

    We're going to be getting Forefront for free as part of a Windows site-license agreement, and I think we're going to migrate to that. It's just not acceptable to have a serious bug such as this continue for months.

    James
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    ESET has nothing to do with this bug and basically any security software utilizing Windows Filtering Platform and intervening in HTTP communication would be affected. Microsoft is testing a hotfix and it should be made available to the public by the beginning of 2013.
     
  13. jprudente

    jprudente Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    29
    Marcos, I appreciate the reply and I'm not looking to turn this into an anti-NOD32 rant. We've used the product for 4+ years and been reasonably happy.

    That said, when searching the web for this issue, virtually every reference has one thing in common: NOD32. Now that may be because NOD32 does things to increase protection that other A/V software does not, and if that's the case then the correlation makes sense.

    However, in reading this thread the impression ESET is giving IMO is that you've (not you personally, obviously) thrown your hands in the air and said it's not your problem. But ultimately it is: at default settings, NOD32 breaks core Windows functionality (i.e. downloading) and whether that bug is theirs or yours, there are a lot of us who are not going to start uninstalling MS patches to fix an interaction issue with a third-party package. So yes, I've disabled HTTP filtering for now and that seems to have resolved the download issue, but the whole situation doesn't sit well with me.

    James
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Any software merely utilizes API functions that Windows provides. If Windows itself is faulty and suffers from bugs affecting the functionality utilized by software vendors, then the only way to fix it is to force Microsoft to make a hotfix. In our company, we uninstalled the mentioned hotfixes on all computers until MS comes up with a final solution.
     
  15. mackintire

    mackintire Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    9
    Location:
    USA
    Unless you either turn off Windows updates or have a WSUS, your suggestion of removing the Microsoft hotfixes is a peeing-into-the-wind type of solution.

    Those users who've done as you suggest find the hotfixes auto-reinstalled back onto their machines weekly.

    We globally turned off HTTP/HTTPS filtering and I endorsed my manager to consider moving to viper AV because of this issue.

    It's been months now and frankly, unless ESET or Microsoft produces a viable solution within the next 45 days, we will probably be taking our business elsewhere even though we have another year of licensing with ESET.
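
Added example, not part of the original posts: a PowerShell check for the situation described above, where removed hotfixes come back through Windows Update. The KB numbers are taken from the thread title; the function name `Get-ThreadHotfixStatus` and the list of hosts passed to it are hypothetical.

```powershell
# Added example. KB numbers are from the thread title; the function name is hypothetical.
$ThreadHotfixes = 'KB2735855', 'KB2750841'

function Get-ThreadHotfixStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        try {
            # Fetch the full hotfix list once, so an unreachable host is
            # reported as a failed query instead of as "absent".
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        } catch {
            New-Object PSObject -Property @{
                Computer    = $computer
                HotFix      = 'n/a'
                Status      = "query failed: $($_.Exception.Message)"
                InstalledOn = $null
            }
            continue
        }

        foreach ($kb in $ThreadHotfixes) {
            $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
            $status = if ($hit) { 'installed' } else { 'absent' }
            $installedOn = if ($hit) { $hit.InstalledOn } else { $null }
            New-Object PSObject -Property @{
                Computer    = $computer
                HotFix      = $kb
                Status      = $status
                InstalledOn = $installedOn
            }
        }
    }
}

# Local machine by default; pass -ComputerName with several names for a fleet check.
Get-ThreadHotfixStatus |
    Select-Object Computer, HotFix, Status, InstalledOn |
    Format-Table -AutoSize
```

An `InstalledOn` date later than the day the hotfix was removed means it has been reinstalled, which is the behaviour the post above describes on machines without WSUS.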
     
  16. jmserra

    jmserra Registered Member

    Joined:
    Nov 11, 2012
    Posts:
    4
    Location:
    Portugal
    Hi Marcos,

    I am becoming increasingly unsatisfied, as are other customers in this forum.
    ESET does not reply to paying customers about issues DIRECTLY related to their software.
    I have been waiting for ESET to reply to me for more than two weeks now!
    What kind of support is this?

    I have around 20 machines that are not able to reliably download even a 20 MB file without running into file corruption. And it has been like this for too long a time. Like previous users, I am considering moving away from ESET unless this issue is resolved in a short time.

    I think ESET should consider this situation very very seriously...
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Please provide me with more detailed information which will help me track down the history of your ticket.

    The only safe solution to this Windows' bug is to uninstall the appropriate hotfixes.

    I can assure you that it's been taken seriously from the very first moment. Microsoft was contacted immediately and provided with a minimalistic driver to demonstrate the bug in Windows Filtering Platform. Microsoft acknowledged the bug and promised to deliver a hotfix as soon as possible. As we've been told, MS is testing the hotfix and is planning to release it by the beginning of 2013.
     
  18. jmserra

    jmserra Registered Member

    Joined:
    Nov 11, 2012
    Posts:
    4
    Location:
    Portugal
    Hi Marcos

     
  19. mackintire

    mackintire Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    9
    Location:
    USA
    Just to set the record straight....

    My previous statement was not entirely accurate. The patch I mentioned above was issued by Microsoft. Hopefully there will be an official release within the next 60 days.

    So far the preliminary results look promising.


    Still this is a very debilitating condition to be in. The unofficial patch requires driver signing to be disabled and for a 64 bit OS installation this is unacceptable for widespread deployment in its current form.
     
    Last edited: Jan 2, 2013
  20. BedreAntivirus

    BedreAntivirus Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    92
    would be wise to add a warning in the eset installer?
    this is a huge bug, people won't know about it at all if it's hidden in a forum somewhere

    o_O

    btw i noticed this problem when i reinstalled windows 7 64-bit, i didn't have it before reinstall, weirdly enough
    i was using an older eset endpoint antivirus version i believe
     
    Last edited: Jan 2, 2013
  21. SaphireX

    SaphireX Registered Member

    Joined:
    Jul 29, 2004
    Posts:
    84
    So I guess it was simply wishful thinking on my part that a fix might be forthcoming on January's "Black Tuesday Updates"...Sounds like the "beta" patch that you tried is certainly not what we had hoped for by disabling driver signing under a 64-bit OS which most endusers are running these days...

    I am seriously thinking of finding an alternative after being a NOD user for geez almost 10 years! I can't tolerate any more corrupt downloads if I forget to disable NOD beforehand and then spend an inordinate amount of time re-downloading again which costs bandwidth in the whole scheme of things...

     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    Googling for the hotfix names brings a lot of web pages with complaints related to various 3rd party software. In ESET, we've removed both hotfixes until MS comes up with a final solution. Both were meant to fix network performance issues but instead a new severe bug was introduced. Also one of the hotfixes turned out to improve performance worse than the previously known fix by editing a registry value.
     
  23. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,221
    Location:
    The land of no identity :D
    Many vendors monitor at HTTP level but most of them do not have any issues with these two updates. It is odd that Eset should. I only suggest Eset finds a workaround for its customers as of right now.
     
  24. SaphireX

    SaphireX Registered Member

    Joined:
    Jul 29, 2004
    Posts:
    84
    No disrespect intended but are all of the 3rd Party Vendors just throwing their arms up in the air and pointing to MS for some "fairy tale fix"?

    Is this something that a 3rd Party Vendor can fix or is it handicapped because any potential fix involves proprietary code that only MS can touch?

    This is not some "issue" that just cropped up after the December Black Tuesday Updates...It has been going on since September 25 ...3+ months!

    The more time that passes it seems less likely that anyone is going to step up to the plate and produce a fix...since the clue-less enduser does not know what is corrupting his or her d/l and they just d/l again and again...albeit they are the fledgling endusers who never have a clue...and for that matter never will...
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    We made Microsoft aware of the issue on the MSDN forum on September 25.
     
    Last edited: Jan 14, 2013