Does NOD32 AV v4 use TDI filtering drivers?

Hello,

I have some customers with SBS2008 servers and with a frequency of approx 2 weeks they loose connectivity with the server.When troubleshooting i found this MS KB.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

This explains problems with connectivity on a server with multiple CPU´s and a driver that uses TDI Filtering, and as it says some "antivirus software"
Now I wonder is NOD32 v4 one of those ones ?
I have several other customers that has NOD32 v 2.7 up to v 3 that does not have this problem, so I´m suspicious, please Eset....clearify this for me.

thx / Tony

 

You should have this post moved to the V4 forum.

 

Hello,

ESET NOD32 Antivirus v4.0 uses a TDI filter driver.

The latest release, v4.0.467.0, does contain some improvements for server operating systems. You may wish to install this version if you believe you are experiencing a problem with an earlier version.


Regards,

Aryeh Goretsky

 

Thanks Agoretsky, sorry bout posting to the wrong forum at first hand...
Anyways, I will install the latest version in upcoming serverinstallations.
So is it possible to remove the TDI filtering option in version 4 or is it a mandatory need for NOD32 v4 to work properly ?

thx /Tony

 

For this specific client of yours , if you suspect NOD32 v4 of being guilty , you should use NOD32 v3.0.694 . This is no problem .

Removing just the TDI driver will definitiely cause problems and it (NOD32) will also display warnings because of corrupted programs .

Removing the TDI filtering option should mean disabling the email and web scanning . This can be achieved by unchecking the option for scanning the HTTP in the Advanced Setup tree - Antivirus and antispyware - Web access protection → HTTP , HTTPs
But is not necessary when you can use earlier versions of EAV with no problems

Have a look at this : http://kb.eset.com/esetkb/index?page=content&id=SOLN727&actp=LIST_POPULAR

 

Thx for the explanation ASpace.
Will probably go back to v3 then.
It becomes more and more "difficult" to run AV software at all on servers
I mean with all the tweaking that needs to be done.

 

Hello,

The Microsoft Knowledgebase article you referenced reports the problem occurs with Windows Server 2008 SP1. By any chance, have you updated to SP2 yet on the server? If so, did that change the behavior?

Regards,

Aryeh Goretsky

 

Hello,

No I have not applied Sp2 on any SBS2008 servers as of yet, will do in a labenvironment soon and let you know.