Does NOD32 AV v4 use TDI filtering drivers?

Discussion in 'ESET NOD32 Antivirus' started by fahlis, Oct 8, 2009.

Thread Status:
Not open for further replies.
  1. fahlis

    fahlis Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    20
    Hello,

    I have some customers with SBS2008 servers and with a frequency of approx 2 weeks they loose connectivity with the server.When troubleshooting i found this MS KB.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

    This explains problems with connectivity on a server with multiple CPU´s and a driver that uses TDI Filtering, and as it says some "antivirus software"
    Now I wonder is NOD32 v4 one of those ones ?
    I have several other customers that has NOD32 v 2.7 up to v 3 that does not have this problem, so I´m suspicious, please Eset....clearify this for me.

    thx / Tony
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    You should have this post moved to the V4 forum.
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET NOD32 Antivirus v4.0 uses a TDI filter driver.

    The latest release, v4.0.467.0, does contain some improvements for server operating systems. You may wish to install this version if you believe you are experiencing a problem with an earlier version.


    Regards,

    Aryeh Goretsky
     
  4. fahlis

    fahlis Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    20
    Thanks Agoretsky, sorry bout posting to the wrong forum at first hand...
    Anyways, I will install the latest version in upcoming serverinstallations.
    So is it possible to remove the TDI filtering option in version 4 or is it a mandatory need for NOD32 v4 to work properly ?

    thx /Tony
     
  5. ASpace

    ASpace Guest

    For this specific client of yours , if you suspect NOD32 v4 of being guilty , you should use NOD32 v3.0.694 . This is no problem .

    Removing just the TDI driver will definitiely cause problems and it (NOD32) will also display warnings because of corrupted programs .

    Removing the TDI filtering option should mean disabling the email and web scanning . This can be achieved by unchecking the option for scanning the HTTP in the Advanced Setup tree - Antivirus and antispyware - Web access protection → HTTP , HTTPs
    But is not necessary when you can use earlier versions of EAV with no problems

    Have a look at this : http://kb.eset.com/esetkb/index?page=content&id=SOLN727&actp=LIST_POPULAR
     
    Last edited by a moderator: Oct 15, 2009
  6. fahlis

    fahlis Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    20
    Thx for the explanation ASpace.
    Will probably go back to v3 then.
    It becomes more and more "difficult" to run AV software at all on servers :(
    I mean with all the tweaking that needs to be done.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The Microsoft Knowledgebase article you referenced reports the problem occurs with Windows Server 2008 SP1. By any chance, have you updated to SP2 yet on the server? If so, did that change the behavior?

    Regards,

    Aryeh Goretsky
     
  8. fahlis

    fahlis Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    20

    Hello,

    No I have not applied Sp2 on any SBS2008 servers as of yet, will do in a labenvironment soon and let you know.
     
Thread Status:
Not open for further replies.