NOD 4.2.58.3 web protection @ WIN 7 64bit stops download of ATI Catalyst driver 10.7

Discussion in 'ESET NOD32 Antivirus' started by vtol, Jul 27, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    using the ATI Catalyst_Mobility_64-Bit_Util to download the latest ATI 10-7_mobility_vista_win7_64_dd_ccc.exe it ends up being cancelled at 99.9% with NOD web protection enabled. Disabling the latter gets the download through. There is no indication in the NOD logs of why the download gets cancelled, however it is obvious that NOD is interfering for whatever reason.

    this is reproducible any time on my machine

    This seems to be just another page in the never ending Eset story with NOD's web protection and downloads being halted/suspended/cancelled...

    27-07-2010 11-13-09.png
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Downloads here ok.

    I've downloaded: https://a248.e.akamai.net/f/674/920...mobile/10-7_mobility_vista_win7_64_dd_ccc.exe

    using NOD EAVBE 4.2.58.3 on Win7 Pro x64, with all defaults (including web access enabled). Downloaded via IE8.


    Virus signature database: 5316 (20100727)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1282 (20100715)
    Advanced heuristics module: 1109 (20100519)
    Archive support module: 1116 (20100709)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1019 (20100525)
    SysInspector module: 1216 (20100517)
    Self-defense support module : 1016 (20100404)




    Jim
     
  3. vtol

    vtol Registered Member

  4. jimwillsher

    jimwillsher Registered Member

    Correct....but it got me the file. I don't have an ATI card, so I was unable to use any auto-update utility from a built-in app (assuming that's what the OP used).
     
  5. vtol

    vtol Registered Member

    it is not auto-update and it may not require an ATI card installed (not sure).

    http://support.amd.com/us/gpudownload/windows/Pages/radeonmob_win7-64.aspx

    Option 1 - Full Software Suite, File Size 1.1 MB
     
  6. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Downloaded and saved using Firefox 3.6.8. No problems with NOD32 ver 4.2.58.3, but bear in mind I have Win XP SP3 (32-bit not 64). It may be some interaction between the ATI software for updates and NOD32. More people testing could narrow it down.

    Just tested again to make sure I downloaded the large file successfully and it worked fine with no problems saving the file.
     
    Last edited: Jul 27, 2010
  7. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Must be the app you're using. I downloaded ATI 10.7 64 bit for Win7 last night using IE8 and had no problems with NOD 4.2.58.3.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    When you have determined if you require the ATI drivers, vtol, check your services.msc applet to see if the service is started and running.

    I run an ATI GPU, the service is started and automatic.

    I also was able to manually download the posted executable under XP using IE 8.
     
  9. vtol

    vtol Registered Member

    it is not the application, when NOD's web protection is disabled the download through the ATI Catalyst_Mobility_64-Bit_Util is just peachy.
     
  10. vtol

    vtol Registered Member

    sorry mate, but I am not certain what you are getting at with the service stuff. the download through IE8 is not questioned but through the ATI Catalyst_Mobility_64-Bit_Util. turning off NOD's web protection gets the download complete, whilst web protection on cancels the download as shown at the beginning.
     
  11. siljaline

    siljaline Former Poster

    If the ATI services are disabled in some way, that could cause you issues is what I was getting at: run
    from your run box, see if all ATI related services are started & automatic
     

    Attached Files:

    Last edited: Jul 28, 2010
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    This is a very interesting issue you reported, Vtol. I will check with some of my colleagues on it.

    Regards,

    Aryeh Goretsky
     
  13. vtol

    vtol Registered Member

    nah, I reckon you got a bit off path here. Correct me if wrong, but that exe you mentioned is described elsewhere as SMARTGART - ATI's proprietary diagnostic tool to determine the most stable AGP setting (for problematic systems), making the most stable drivers in the industry even more stable. what I understand it is even non-essential.

    moreover it is not even installed with the mobile drivers, neither does it belong to the ATI Catalyst_Mobility_64-Bit_Util, hence there is no relevance to this matter.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Since we do not have any notebook with an integrated ATI chip and the application refuses to continue due to incompatible hardware, I wonder if you could capture http traffic for a couple of seconds when the application starts and begins the download of the large sfx archive. Please compress the pcap log, save it somewhere on an ftp or file sharing service and PM me the link.
     
  15. vtol

    vtol Registered Member

    ATI Catalyst_Mobility_64-Bit_Util uses port 80 and the http_c_bulk protocol. see PM for download of pcap log.

    for comparison made the dl also via browser (completed), file size on disk reading:

    29-07-2010 14-52-39.png

    using the ATI Catalyst_Mobility_64-Bit_Util (cancelled) the file size reads:

    29-07-2010 14-50-22.png
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi vtol,

    While Aryeh and Marcos have already answered, may I nevertheless ask a question if you would allow me?
    As I understand from you, downloading via the browser goes OK, but not OK via the ATI Catalyst_Mobility_64-Bit_Util.
    Have you tried to exclude ATI Catalyst_Mobility_64-Bit_Util in the NOD web protection?
    (yes, I know that you said that it worked OK with WEB protection turned off, but it wasn't clear, at least to me, whether that was a complete turning off of the WEB protection or only for the ATI Catalyst_Mobility_64-Bit_Util).

    Well, it could be a dumb question from my end.....

    BTW:
    I know nothing about http_c_bulk. Is this related to cFosSpeed?
     
  17. vtol

    vtol Registered Member

    thanks for checking in. I trust there is no such thing as dumb questions...

    I did not exclude ATI Catalyst_Mobility_64-Bit_Util from NOD's web protection but disabled the web protection entirely.

    As for the http_c_bulk protocol it is used by cFosSpeed but not defined by them but the OSI model. if you are curious you might check those links below. A download by a browser will be also http_c_bulk

    http://en.wikipedia.org/wiki/OSI_model

    http://devcentral.f5.com/weblogs/ma...er-7-protocol-versus-layer-7-application.aspx
     
  18. FanJ

    FanJ Updates Team

    Hi vtol,

    Thanks to you too.
    Yes, you're so right: there ain't no dumb questions.
    (it was an honest question from me)

    OK, thanks for clarifying! I understand.
    If I may suggest it: why not try to exclude only your ATI Catalyst_Mobility_64-Bit_Util from the NOD WEB protection instead of entirely turning off NOD WEB protection, and see how that would go?
    (And maybe the same for the Apple Updater (in case that one is related to the same issue) in your other thread?)

    Well, it's only a suggestion.
    Of course I don't know whether ESET can help you further.


    Thanks for the links.
    It is, I guess, about some 20 years ago that I got extended lessons about the OSI model.... (and went later on another way).
     
  19. FanJ

    FanJ Updates Team

    Wait, you're saying that "A download by a browser will be also http_c_bulk".

    What do you mean by that?

    Once again I have to tell that I don't have knowledge about "http_c_bulk".
    And my lessons about the OSI model go way too far back.....

    But nevertheless I don't understand this with respect to your issue:
    You said that you had no issues with downloading the ATI-file using your browser (I'm assuming here that you had at that time the NOD WEB protection enabled).

    I might be misunderstanding things here, but in some way it sounds to me as a contradiction.
     
  20. Marcos

    Marcos Eset Staff Account

    The thing is the sfx installer contains about 3600 files inside and takes about 40 seconds to get scanned. Hence it sounds to me like a timeout issue of the update application that doesn't count on delays caused by AV scanners scanning the file. In the future it will be possible for us to whitelist whole sfx archives and thus prevent them from being scanned internally to avoid such issues with problematic software. For now it's only possible to set a size limit for scanned objects in web/real-time protection.
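
The timeout interaction described in the post above, as an added example that is not part of the original thread or ESET's code: a downloader with an idle-read timeout talks to a stand-in inspecting proxy over a local socket pair. That the proxy holds back the final chunk until the scan finishes is an assumption made to model the 99.9% stall; all names, sizes and the scaled-down timings (0.8 s standing in for the roughly 40 s scan) are constructed.

```python
import socket
import threading
import time

CHUNK = 100                          # constructed chunk size in bytes
PAYLOAD = b"\x00" * (CHUNK * 1000)   # constructed stand-in for the sfx installer

def inspecting_proxy(conn, payload, scan_seconds, max_scan_size=None):
    """Relay payload, holding the last chunk until the scan is done (assumed model)."""
    try:
        conn.sendall(payload[:-CHUNK])
        # Size-limit workaround: objects above the limit are passed on unscanned.
        if max_scan_size is None or len(payload) <= max_scan_size:
            time.sleep(scan_seconds)      # archive being unpacked and scanned
        conn.sendall(payload[-CHUNK:])
    except OSError:
        pass                              # downloader gave up and closed its end
    finally:
        conn.close()

def download(idle_timeout, scan_seconds, max_scan_size=None):
    """Return (status, percent received) for one simulated download."""
    client, server = socket.socketpair()
    proxy = threading.Thread(
        target=inspecting_proxy,
        args=(server, PAYLOAD, scan_seconds, max_scan_size),
    )
    proxy.start()
    client.settimeout(idle_timeout)       # downloader's patience between reads
    received, status = 0, "complete"
    try:
        while received < len(PAYLOAD):
            data = client.recv(65536)
            if not data:
                status = "truncated"
                break
            received += len(data)
    except socket.timeout:
        status = "cancelled"
    finally:
        client.close()
    proxy.join()
    return status, round(100.0 * received / len(PAYLOAD), 1)

if __name__ == "__main__":
    print("impatient client, full scan :", download(0.2, 0.8))
    print("patient client, full scan   :", download(2.0, 0.8))
    print("impatient client, size limit:", download(0.2, 0.8, max_scan_size=50_000))
```

The size-limit run completes only because the object is passed on without being scanned, which is the trade-off of that workaround.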
     
  21. vtol

    vtol Registered Member

    at least promising that it is thought about, but there are already a few other things pending and not getting fixed. the development of NOD seems rather slow since 4.2.xxx - please spare the argument that it has to be tested and be compatible as everybody else has to deal with it too. things might evolve a little faster today than 10/5/2 years ago.
     
  22. vtol

    vtol Registered Member

    it may, but it does not - see post below, with the utility the download gets extracted and run automatically at the end of the download, not so much when downloading with the browser
     
  23. agoretsky

    agoretsky Eset Staff Account

    Hello,

    Just to follow up, there are a number of different things which can—and are—being done to mitigate this issue as well as the similar one you reported in the NOD 4.2.58.3 web protection @ WIN 7 64bit prevents dl/installation of Safari update message thread, some of which are more immediate solutions, while others are more long-term (architectural). I will keep you informed as I hear more.

    Regards,

    Aryeh Goretsky
     
  24. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    The thing about this issue is that it is so inconsistent. You can have two PCs with the same NOD32 installed; one will cancel the download, the other downloads.
     
  25. vtol

    vtol Registered Member

    4.264.12 / new ATI drivers out today / download through the ATI utility still gets cancelled with NOD's web protection enabled...

    Virus signature database: 5396 (20100825)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1284 (20100729)
    Advanced heuristics module: 1113 (20100825)
    Archive support module: 1122 (20100826)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1022 (20100812)
    SysInspector module: 1216 (20100517)
    Self-defense support module : 1017 (20100728)
    Real-time file system protection module: 1004 (20100727)
     