ESET NOD32 v4 - BSOD Crashes

Discussion in 'ESET NOD32 Antivirus' started by reni, Mar 27, 2009.

Thread Status:
Not open for further replies.
  1. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    Hi guys,

    We were testing to enroll all workstation of us with NOD32 v4, but we are experiencing some troubles with it.

    On some pc's it gives is a BSOD: (windows xp sp3)

    After analyzing de minidump with WinDbg it shows us the following:
    Probably caused by : epfwtdir.sys ( epfwtdir+31be )
    Which is part of NOD32.
    C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir

    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT

    If wanted, I can email the minidump file, for further analysing.

    For now we wait until v4 gets more stable...

    Regards,

    Rene
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Just to make sure, do you have Vista SP1 installed? The next build will require it to avoid problems like this. Without SP installed, the filtering will work the same way as on WinXP and older systems.
     
  3. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    Nope all our workstations are Windows XP SP3 with the latest patches until today.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I apologize, you've already mentioned it in your initial post. Could you please create a complete or at least kernel memory dump and convey it to ESET? I would send you login details so that you can upload it to our ftp.
     
  5. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    Sure, pm me the details, i will let a workstation create a complete dump in the meanwhile.
     
  6. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    Is there an update on the progress of analyzing the crashdumps?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'll drop you a PM.
     
  8. PoasterChild

    PoasterChild Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    3
    Any resolution to this problem? I am experiencing the same issue. (ESET NOD32 V4.0.417.0, Win. XP SP3)
     
    Last edited: Apr 13, 2009
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you have a Novell client installed by chance?
     
  10. PoasterChild

    PoasterChild Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    3
    I have the latest version of the Novell Client 4.91 SP5 4.91.5.20080922 but this is not happening on all machines even with the same client ver.
     
  11. bradtech

    bradtech Guest


    I am having the same issue.. If you uninstall Netware Client, and just login to the domain I bet your issues would go away with ESET on there.. I had an issue where I was pushing out a registry key through a batch file crashing the system.. I have reports agency wide of this.

    I believe it started in 3.0.684 or 4.0... 3.0.672 install seems immune to the BSoD Netware client crashes I believe.. It only seems to have problems when I push a certain batch file that imports a registry settings for internet connection settings in IE.
     
  12. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    We also had the problems in combination with the 4.91 SP5 novell client (nwfs.sys).
    It looks like it is fixed in the testbuild (4.0.422.0), this one isn't officially released yet.

    I'm sure Marcos can tell us more about it.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A newer build is planned to be released towards the end of this week. It will contain a couple of fixes to problems reported here at Wilders', including the issue with Novell clients in certain configuration. We appreciate your cooperation and are very grateful for the dumps, logs or other files you've provided us with that helped us fix the issues or interferences with other software.
     
  14. CrunchieBite

    CrunchieBite Guest

    Any hints as to what other problems will be fixed or do we have to wait until it is officially released?
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Most of them probably won't be documented, so you can be surprised when you install, late Easter present! :D
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We do our best to fix every issue that have been reported here and to our customer care and turned out to be actual issues.
     
  17. bradtech

    bradtech Guest

    The client you sent me did fix the issue with my novell on a computer this morning... Thank you
     
  18. PoasterChild

    PoasterChild Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    3
    Marcos- Any chance I can get a hold of the test build to see if it fixes my issues?
     
  19. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    We had lockups on one of our domain controllers at 4.0.417. Nothing I could do would fix it. It would work for hours and then lockup.

    It has the Netware Client on it.
     
  20. bradtech

    bradtech Guest

    4.0.417 and 4.0.413 were the cause of my cluster service failing I believe. It started two weeks ago and the only thing I did was update from 3.0.672 to 4.0.417. Plus today I had a Database server go down in the DMZ doing the same behavior where the server would go into a "deadlock" state. Where nothing would actually fail but the system would just freeze, and not respond to any keyboard commands.

    I could ping the machine and get a response, but could not RDP, or login at the KVM. I went back to 3.0.672 64bit on the machines, and the deadlock state went away which was starting to happen every 5-6 hours. What was odd is that the cluster would pass the file service like it was suppose to from one server to the next.. Then the other server would hang just like the previous one..

    No MS updates were done during the time.. Then a 2k3 box did the same exact thing today.. Unfortunatly all I can do is describe the issue since there really is no minidump or kernel dump I can provide :(

    I do have some errors from event viewer from the cluster service finally going into a fail state after letting the system hang for 20-30 min.. I had exclusions recommended per microsoft, plus I excluded all the cluster service system files on both machines, and used a plain jane config, and disabled the Web Access per recommendations of an ESET guy for 2K8 and V4.

    Thankfully I have redundancy for most services so I can afford these kind of things. I have found V3 to be best on most my machines at the moment aside from the new 4.0.422 build which I want to use as soon as it hits the shelf.. It really fixes a lot of probs I had with the previous 4.0 builds, and possibly even 3.0.684.. I can say that I really appreciate the help from ESET on these forums especially Marcos who read my case, and dump files + provided to me a solution that worked so I could push out to save my hide, and 2,000 renewals next year if things keep going this smooth.

    I've had about 10-15 machines bsod because of a netware client issue with ESETl out of the 750 I've done which is a good rate I think... I've had ESET catch so many viruses and spyware on machines I've ripped Symantec off that I welcome the occasional mishap because the pain of integration is worth the layer of protection I'm getting once things get worked out. I think my main mistakes are as follow

    1. Jump on new clients to soon, and should not have thrown on servers just yet.
    2. Oversight during testing phase with novell client as a non local admin user going through both proxies, and getting all the antiquated scripts and batch files that were in place to make novell work.
    3. Failing to realize I had PCAnywhere on some machines and it getting smoked off during rip and replace :lol
     
  21. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,031
    Location:
    California
    Hello,

    ESET NOD32 Antivirus v4.424.0 has been released and it does contain a fix for an issue with Novell NetWare client software.

    Please upgrade a system for testing purposes to verify the fix resolves your issue.

    Regards,

    Aryeh Goretsky
     
  22. reni

    reni Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    19
    Nice! Thanks all.
     
Thread Status:
Not open for further replies.