domain controller issue - fixed! 4.0.424

Discussion in 'ESET NOD32 Antivirus' started by SalC, May 7, 2009.

Thread Status:
Not open for further replies.
  1. SalC

    SalC Registered Member

    Joined:
    Jun 30, 2008
    Posts:
    31
    Using 4.0.424 on a DC now for over a week, and it hasn't crashed, or been unable to be logged into.

    I figured out the problem... EXCLUSIONS that were set on the domain controller (as recommended by Microsoft) were NOT working, due to wildcards, ie

    %windir%\
    %Systemroot%\

    I manually went into the config for the server, and specified the ACTUAL folders, ie:
    c:\windows\xxxxx

    and voila... so.. anyone else feeling brave, may want to try this..
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    ESET doesn't support the environment variables, you have to write them manually. So yes, what you've done is the correct thing (and required).
     
  3. vodalp

    vodalp Registered Member

    Joined:
    May 11, 2009
    Posts:
    8
    But some malware can get into the Windows folder... can you reference the MS article that recommends excluding the entire Windows folder?
     
  4. cbowers

    cbowers Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    5
    Can you cite?

    Their Server config KB article directly contradicts that:
    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1240406954816

    Wherein it says:
    The final settings which need to be configured will vary depending on the software that is installed on the server. For instance, database and backup software should be excluded from the real-time and On-demand scanners. When entering the directory paths, make sure that *.* is added to the end of each entry. As an example, the following directory paths should be excluded if the server is running Microsoft Exchange:

    %Program Files%\Exchsrvr\MDBData\*.*
    %Program Files%\Exchsrvr\Mtadata\*.*
    %Program Files%\Exchsrvr\Server_Name.log
    %Program Files%\Exchsrvr\Mailroot\*.*
    %Program Files%\Exchsrvr\Srsdata\*.*
    %System Root%\System32\Inetsrv\*.*
    %Program Files%\Exchsrvr\IMCData\*.*​
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I have contacted ESET's knowledgebase team and asked them to update the article.

    Regards,

    Aryeh Goretsky
     
  6. SalC

    SalC Registered Member

    Joined:
    Jun 30, 2008
    Posts:
    31
    Re: domain controller issue - NOT fixed! 4.0.424

    OK, I take that back.. the DC had been fine for almost a month, and when I got back into the office today, we were unable to login to the Domain Controller.. only solution was to reboot it, at which time it worked fine.

    I uninstalled 4.0.424 and put in 4.0.437 -- hopefully it will behave..
     
  7. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Any word on a simple tick-box for the recommended Microsoft esxclusions?

    It is really INSANE to have to do these manually, when they are pretty much mandatory for things to work right, even on workstations?

    I mean, come on ESET! You are causing YOURSELVES all kinds of grief by NOT doing this, in the form of (now massive) complaints here on the forums.

    NOD32's reputation has really dropped MANY notches in mine and others eyes, and this (damaged reputation) is something that is not easy to fix.
     
  8. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    You typically do not need to do this on workstations since the softwaredistribution database is so small and has so little IO that the scanning engine hitting it won't really cause a problem. I do agree that something could be done to make it a little easier setting up the default recommended exclusion on a server OS, maybe something detects the roles installed on the OS and makes recommendations accordingly.
     
Thread Status:
Not open for further replies.