Has the windows 2008 crash bug been fixed

Discussion in 'ESET NOD32 Antivirus' started by majortom1981, Jun 7, 2010.

Thread Status:
Not open for further replies.
  1. majortom1981

    majortom1981 Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    4
    We have been running v3 of nod32 on our servers because of the bug that nod32 v4 caused servers to stop responding. I was wondering if this bug has been fixed yet?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I have no clue which problem you mean. There can be thousands of reasons for BSOD, without getting a memory dump we're unable to tell anything more.
     
  3. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    I'm assuming he's referring to the bug that has been discussed many many times with v4.x flat locking up Windows 2008 servers. Many of us in the forums are running v3.x on our 2008 servers due to the fact we can't have our servers lockup in the middle of the day for no reason whatsoever.

    In my case, there is no Blue Screen, no dump files to look at. The server flat is locked up. I cannot RDP, or login via console however the computer still responds to ping. The servers were brand new HP Proliant servers, clean installed Windows 2008 x64 with all updated firmware and drivers from HP.

    Since removing v4.x almost a year ago now, we haven't received a single lockup on the same servers, same installs that v4 locked up numerous times.
     
  4. majortom1981

    majortom1981 Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    4
    This is exactly what I am talking about. I am wondering if the latest version of 4 fixed this or is it still happening?

    I might have to look into another virus scan solution because of this problem.
     
  5. LarryV

    LarryV Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    18
    Marcos, This SBS 2008 crash bug should come as no surprise to you. Many of us have posted essentially the same symptoms and the common factor is SBS 2008 and any 4.x version of NOD. The servers simply freeze. No BSOD, no event in the logs, just an unresponsive server. Exclusions make no difference. We have gone so far as to exclude virtually everything as a test.

    If this is not the appropriate forum for resolution of this issue, how do you suggest we proceed? Do ESET representative not monitor these forums to
    see what their users are saying?
    Thank you
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Without a memory dump from BSOD or a manually generated dump from the moment the system gets frozen it's impossible to tell where the problem lies. Generally if there's an interference with another application or driver causing BSOD or system freeze, try the following:
    1, disable Anti-Stealth and Self-defense
    2, disable startup scan tasks
    3, set real-time protection to scan files with default extensions instead of all files
     
  7. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Just to clarify so that this post doesn't pertain to being about SBS only, all of my servers are Windows 2008 Standard Edition and not SBS 2008. I just installed another new server with Windows 2008 R2 Standard Edition and will monitor what happens with it, however this is very low use file server only server, so no where near the traffic of my other 2008 servers.
     
  8. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    This behaviour you describe sounds familiar, i have seen this also on XP and on server 2003.... but again (just as Marcos said) without proof it is uncertain what triggered this...

    greetings from Holland
     
  9. LarryV

    LarryV Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    18
    I opened a case with ESET and just received this reply:

    We recognize that is a problem with the 4.2 version and SBS. Our developers are currently trying to lock down exactly what the issue is that is causing the problem you are having. We would appreciate your help by providing us some logs from the SBS:

    Versions that don't appear to have the issue include:
    3.0, 4.0.474

    Versions 4.2, and 4.0.437 are the ones known to us and we are trying to collect logs on.

    If you find a minidump when the issue occurs we have an FTP site we would like you to upload it to.
     
  10. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Unfortunately, the way it locks up does not generate a BSOD or memory dump. No log in the Event Viewer, nothing. The lockups are random, several weeks apart in my case so there was no way to track down when it was going to happen. However, since changing to v3.x I haven't had a single lockup whatsoever. I do have a Windows 2003 server v4.x and it hasn't ever locked up either. It clearly has only been an issue on Windows 2008 servers and v4.x.

    1 - I will try disabling Anti-Stealth and Self-Defense when I have a free server to test 4.x on again (should have a new server here next month).

    2 - Wouldn't startup scan tasks only be relevant when there would be users actually logging into the server? None of my servers do people actually login to them. They have file shares, printer queues, SQL Databases, etc. But nobody actually logs in besides Admins, which is not very often.

    3 - All recommended settings for servers for NOD32 are in place per the ESET KB article. Also all exclusions as recommended by the Microsoft KB are in place.
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I've done 4x servers with version 4.2 on 4 servers...1 was SBS2008, 3 are SBS2003. I had followed to the tee...doing exclusions, not scanning all file types, etc.

    2x days ago...an SBS08 server I installed back in March..which had been running fine since then, started having issues. Pretty much the same symptoms as above...the server nearly hard locks...it falls off the network, cannot RDP to it, mapped drives and shares from clients on the network are unavailable, it won't reply to pings, etc. No blue screens, no dumps..cannot gracefully reboot it from local console....it requires holding in the power button til it forces down, and then crossing your fingers that she'll boot up fine. Several times a day. This afternoon I uninstalled NOD32....she's been running like a champ since.

    New Dell PE T610
    12 gigs of RAM
    Dual Quad Core Xeons
    5x 15krpm 2.5" SAS drives, pair RAID 1 for the OS, triple RAID 5 for data.
    Naturally latest BIOS, firmware, drivers, blah blah...I'm anal about my server builds.
     
  12. fclage

    fclage Registered Member

    Joined:
    Jul 12, 2010
    Posts:
    2
    Location:
    Porto
    ESET TECH SUPPORT/DEV TEAM - PLEASE READ THIS

    Last saturday (July 10th, 2010) I tried to install ESET NOD32 v4 x64 (obtained from http://download.eset.com/download/win/eavbe/eavbe_nt64_enu.msi) on a 3-month old fresh installed Windows 2008 X64 WebServer Edition server.
    Server Specs: XEON 3450 (4C/8T), 8GB RAM, 1TB HDD, Gigabit. The server is hosted on a datacenter in Lisbon, and hosts hundreds of websites and domains.
    Uses the following software/configuration/services: IIS7, FTP Server (FileZilla), MSSQL 2008 x64, MySQL, MailEnable Professional, DNS, IPv4 and IPv6 addresses.

    A few hours after I installed ( ESET version 4.2.58 ) the server went down... no ping reply, no websites available (IIS), no FTP, no nothing. Basically, it looked like it crashed, but I it didn't!
    I've asked the datacenter for a remote reboot and the server came back a few minutes later... I was able to RDP, and the odd thing is that there was no data of this event recorded in log, no BSOD dump, no nothing - except Windows Server standard window poping up and asking me "What happened to me?" with the options for me to specify the reason. So, from the server "prespective", it never crashed!

    While I was checking the logs, the server froze again.
    I asked for a 2nd reboot and immediately after booting up I took no delay and I disabled and then removed NOD32 v4. Rebooted after uninstall and had no lockups / freezes / hangs since.

    This server is just 3 months old, and the crashcount for this server was 0! Until I installed NOD32... Now it's 2.

    If you need any further information, feel free to contact me. ESET needs to fix this problem ASAP.

    I need crash-free version NOD32 AV for Windows 2008 x64!

    Do you recomend falling back to the 3.x version?
    Or are you going to fix this 4.x problem once and for all?
    (from what I've read on the web, this problem isn't new)

    Thank you
     
  13. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    ~ Snipped as per TOS ~ scary, I'll wait for future version of eset now :blink:
     
    Last edited by a moderator: Jul 18, 2010
  14. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
  15. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    FWIW, I am running 4.0.474 on about 25 servers - some physical, most virtual (vSphere). I am not seeing any lock-ups, BSODs, etc. I came to the forums today to see if I could update to 4.2.x, yet. It appears that this may not be a prudent decision at this time. Do others agree or disagree? I am only asking this because I value the opinion of other sys admins out there struggling with the same issues.

    Also, I am not very pleased with RA 4.0.122. I have a very hard time successfully pushing out packages to newly built computers that have never had any AV installed. Right now, I am having to run the MSI from a shared folder and then import the settings from an XML file.

    I need to figure out a better, more automated way of uninstalling NOD 32 v2 from 350 XP computers and then installing NOD32 v4. The most important thing to me is finding a very reliable process for doing this.


    Thanks,
    -John
     
  16. rtv

    rtv Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    1
    Wow - I am surprised to hear that this is totally unknown on your side. At least after I didn't get any solution to my support request. Of course it is neither specific to SBS nor is it a recent problem with V4.2...


    FYI: Case: 271017
    EDIT: We're using munin to monitor the server's resources. Windows stops responding after reaching MAXINT handles therefore we set an critical email alert if it reaches 35000 handles. Restart the era server at this point will drop the handle count to normal and the server will of course stay responsive.
     
    Last edited: Jul 30, 2010
  17. LarryV

    LarryV Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    18
    No real progress being made here. I opened another case with ESET, referenced my previous case on the same matter and asked them to visit this forum thread. All I get back is "We need a memory dump". I appreciate that position but as we have all indicated, there is no memory dump.

    I asked if 4.2.58 resolved these issue and got this:
    "We fixed few of this issues and we are working on a new version which will fix other 2008 issues." But when I ask for clarification I get a lot of that "we don't know what you're talking about" stuff.

    They have now asked for screenshots of settings and the results from SysInspector. Problem is, we're uninstalled NOD from any servers that were crashing so I don't have anything interesting to send them.
     
  18. FuriouS76

    FuriouS76 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    3
    I am also having Windows 2008 server hard lockup after installing ESET v4.

    Out of 29 servers installed, 2 of them have this hard lock issue. No log or error messages are available to assist in troubleshooting the cause of the crash. I have seen this crash with both the MS Exchange and standard ESET v4 clients.

    Server 1
    Windows Server 2008 Standard running ESET v4 for MS Exchange. Within 3 hours of install the server hard locked. Removal of ESET fixes the crashing problem. Re-installation of ESET software produces the crash again within 12 hours.

    Server 2.
    Virtual Windows Server 2008 Standard (clean install less than 1 hour old) running ESET v4. Server locked up immediately after install. We destroyed and rebuilt this VM and have not attempt to install ESET on it again.


    I have submitted a ticket to NOD32 and referenced this forum thread in it. Let's hope they have a fix for this and soon.
     
  19. FuriouS76

    FuriouS76 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    3
    ESET support got back to me.

    Going to review my setup and confirm I am complete compliance then monitor for stability.
     
  20. FuriouS76

    FuriouS76 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    3

    I set these exceptions and for 30 hours the server didn't crash. I rejoined it to the Windows NLB for inbound CAS and within 20 minutes the server crashed.

    We'll most likely change vendors, this is ridiculous.
     
  21. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Which build of version 4 are you trying to use? If you can get your hands on 4.0.474 that is the only one that I've seen stable so far. I have 4.0.474 installed on a single Windows 2008 R2 x64 file server and it has never locked up yet (knock on wood).
     
  22. armani007

    armani007 Registered Member

    Joined:
    Aug 10, 2010
    Posts:
    1
    Hi guys,
    I came on this thread on something unrelated but became interested. It sounds like a quandary as you can't provide dump to them to review and they have nothing to go on.

    I came upon a similar situation a couple years ago with a server doing a hang and locking up with no dump and MSFT support provided me a way to force it with the keyboard, but it has to be enabled. You might want to try this to obtain the dump and hopefully their support can see what is causing the locks.

    I did a quick Google and this article should give you a guideline.
    http://msdn.microsoft.com/en-us/library/ff545499(VS.85).aspx

    I'm surprised their support didn't provide this to those of you working with them that don't have dumps.

    Good luck solving the issue.
     
  23. gazzer82

    gazzer82 Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    1
    Has any progress been made in this?

    I have an SBS2008 server and 2 x 2008 Servers and they have all started locking up out of the blue.

    For now i have disabled real time protection and that has stopped the random lockups.

    It's bizarre to watch, as everyone else has mentioned the system just completely flatlines. I am running the server under ESXi so i can monitor all system resources and it just drops out and stops consuming any resources.

    Needless to say this is less than ideal and unless this is resolved asap we shall be taking our business elsewhere when the renewal date comes around.

    Where would i get hold of version 3 until then, also would out V4 license be valid in that version?

    Thanks

    Gareth
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Does this happen with EAV 4.2.64 installed? Have you already contacted customer care who should request a complete memory dump from the moment of the lockup to confirm or deny interference with another driver / software running on the server?
     
  25. acuboy

    acuboy Registered Member

    Joined:
    Nov 11, 2010
    Posts:
    1
    We have had this problem on two of our customers SBS 2008 servers as well. We spoke to Microsoft who immediately said it was Eset causing the server to randomly lock up. Eset has been removed and no problem.

    It seems hard to believe Eset are not aware of any problem with Eset v.4 on Server 2008.
     
Thread Status:
Not open for further replies.