NOD32 3.0 messing up Adobe CS3 applications (false positives)

Discussion in 'ESET NOD32 Antivirus' started by dscrap, May 22, 2008.

Thread Status:
Not open for further replies.
  1. VisionG

    VisionG Registered Member

    Joined:
    May 22, 2008
    Posts:
    4
    Same issue here! NOD32 was slowing our wks so much that it was impossible to uninstall NOD32 or even add exclusion. We had to kill the ekrn process before being able to uninstall NOD32.

    Now since there is a new release fixing it, i'll try to reinstall NOD32 on 1 machine and see what happens.
     
  2. Fesick

    Fesick Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    I have also experienced freezing after updates twice today. Also got hit with the acrobatfnp.dll FP earlier today. When frozen, I can't do ANYTHING but turn the power off. CTRL-Alt-Delete doesn't bring up task manager so I can reboot from there either. I just love randomly losing my work and wasting my day when I have deadlines. Thanks!

    I'm at 3123 at the moment and hopefully this BS will stop soon so I can get something done today. :mad:
     
  3. Dave16

    Dave16 Registered Member

    Joined:
    Apr 28, 2008
    Posts:
    45
    I have NOD32 installed on 2 of my computers, and never had any of the problems everyones having. I have Adobe installed, NOD32 ran fine on both comps through all updates 3118~3123. I guess its something that doesn't affect everyone? - No false-positives.
     
  4. dscrap

    dscrap Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    156
    Thanks
     
  5. VisionG

    VisionG Registered Member

    Joined:
    May 22, 2008
    Posts:
    4
    Yes, it works with the new release.
    Bravo!
     
  6. chmiller

    chmiller Registered Member

    Joined:
    Feb 7, 2007
    Posts:
    41
    I sure hope ESET will listen to this common sense advice and be able to assure us of safeguards against this happening again. In the midst of frantically working on several locked up workstations, I just love having users screaming at me about lost time. I'm sure it will help the situation to explain that the antivirus I put on the machines was the cause of it all. :oops: Yeah, I know I'm whining, but I sure expect simple tests to be done before releasing. Sheesh. :thumbd:
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    Right, not everyone was affected. A file that was detected on one's computer might not have been detected on another one. It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm, otherwise the problem would have been caught during the pre-release test. In fact it was a well hiden bug from v2 that resulted in this problem and which has been identified and fixed within a reasonable time frame.
     
  8. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Ok so if i set cleaning level to "strict cleaning" i will still see a popup and no automatic deletion?
    According to the information in nod32 it says that the program will attempt to automatically clean or delete without user intervention except for system files when set to strict cleaning. In that case what is the difference between strict cleaning and no cleaning.....just curious since i obviously don't really understand this option which i thought i did.

    Gan
     
  9. AniG

    AniG Registered Member

    Joined:
    May 22, 2008
    Posts:
    2
    I guess a lot of people have had this issue because of a messed up NOD32 update. I have several machines that needed more than 3-4 hours of downtime each to repair this issue about the false positive that rendered Adobe CS3 unusable.

    In any case, what I did was so to do a repair instead of a reinstall. So, in XP>Add Remove Progs, I used the option to repair the Adobe CS3 install instead of uninstalling. You will need the original Adobe CS3 discs for this of course.

    Now things are fine, no settings lost. Much better than reinstalling and reprogramming all your app settings (argh!). But still lost an entire work day, not to mention the stress.

    ESET should really get their act together. At least issue a frikkin apology! I have a 2 year subscription to NOD32, which I love, but this kind of a faux pas is inexcusable!

    Anyone at ESET listening?
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    79,046
    Location:
    Texas
  11. AniG

    AniG Registered Member

    Joined:
    May 22, 2008
    Posts:
    2
    thanks ronjor.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    79,046
    Location:
    Texas
    You're very welcome.
     
    Last edited: May 22, 2008
  13. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    What is the fix for this problem for people who are not using Security Suite? None of the files or folders mentioned in the "Knowledge Base Article/Apology" are on this system
     
  14. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Though this is a very time consuming and annoying issue one has to keep this in perspective as well. With well over 300 million Windows computers out on the Web with hundreds of thousands of different programs and configurations on them, and not even including the Malware or Virus issues it's an impossible task to constantly update a security product daily and not potentially cause problems with computers out on the Web regardless of how large your Company is and how many programmers you have on board.

    I can not think of any AV or AM product out there that has not at one time or another had issues with FP or worse.

    ESET was not hiding from the problem and addressed it unlike some vendors who actually have attempted to hide from the issue for days until it was proven it was their fault.

    I can guarantee you now that regardless of which product you use for AV or AM that sooner or later again in the future there will be issues. It's a part of computing that will probably never go away. Updates on every platform can and do potentially cause more harm than good at times and there is just no feasible way to duplicate every system configuration out there and test it to ensure there is no issue even on a single product that has months or years of development let alone one that is updated daily or hourly.
     
  15. wattjg

    wattjg Registered Member

    Joined:
    May 12, 2004
    Posts:
    3
    I wound up having to restore two XP systems because of that mess. The symptom was a hung system on both. The third XP system, a laptop, only survived because it was suspended.

    Jim
     
  16. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    Sorry, not buying it. As a Microsoft Premier MVP responsible for maintaining 70+ mission-critical machines on a mixed manufacturing floor, updates do not escace my control w/o adequate testing. Multiple failures of the ESET 3.0 Security Suite cost ESET 9500+ corporate licenses in early 2008, and my judgment is upheld today. Unfortunately, this failure affects the computer I most care about -- my home gateway.
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,713
    Location:
    Toronto Canada
  18. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Well you're entitled to your opinion and certainly within your rights to be upset, however to believe that anyone will never produce system errors from programming updates is a bit too optimistic.

    I've had Symantec, and McAfee Coporate Editions do the same thing as well. I've been on a Team that watched over 70,000 systems so I too am aware of the monumental task of managing that many systems and it has nothing to do with ESET it has to do with the complexity of computing.

    If anyone on the Planet thinks they can write and manage code that will be installed on millions of different computers and configurations and will NEVER cause an issue please step forward as I think we would all like to meet someone of Deity. I've been in the business for over 15 years and I've not found any software that is error free.
     
  19. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
    i think NOD32 did find out that adobe pokes alot around with the MBR :thumbd:
     
  20. pb4072

    pb4072 Registered Member

    Joined:
    May 23, 2008
    Posts:
    1
    nod32 and Adobe applications

    I've spent the last day and a half uninstalling and re-installing my Adobe Creative Suite 3. It's only yesterday afternoon, by reading in this forum, that I realized that it was nod32 that was giving me false positives. This is depressing. Every graphic artist in the world using Windows and nod32 must've been affected by this yesterday morning. I bought this software myself for us on my PC at work. nod32 has always served me well in the past. My company uses Norton, which I hate because it's such a memory hog. But, it appears I might have to go back to Norton to prevent this kind of situation again. Does ESET actually test their updates on real users, people who aren't just accountants?
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    Re: nod32 and Adobe applications

    Please refer to https://www.wilderssecurity.com/showpost.php?p=1247063&postcount=4 and https://www.wilderssecurity.com/showthread.php?t=210216 for details and explanation. It was not a typical false positive caused by a wrong signature or heuristics triggering the alarm. The problem occured under specific circumstances; files detected on one computer might not have been detected on another one. For this reason, the update passed the pre-release test. ESET released a fix shorly after to all users.
     
  22. tebbens

    tebbens Registered Member

    Joined:
    May 23, 2008
    Posts:
    7
    From your documentation....

    Do not clean
    ------------
    Infected files will not be cleaned automatically. The program will show up a warning window and allow the user to choose an action.

    Default level
    ------------
    The program will attempt to automatically clean or delete an infected file. If it is not possible to select the correct action automatically, the program offers a selection of follow-up actions. The same happens if a predefined action couldn’t be completed.

    Strict cleaning
    --------------
    The program will clean or delete all infected files. The only exceptions are the system files. If it is not possible to clean them, the user is offered an action to take in a warning window.


    -------------------------------------------


    Why would the default level NOT automatically clean or delete an infected file ?

    What steps has your company taken so this problem never happens again ??

    Why not make "Do not clean" the default level ??
    Then let people adjust to a more dangerous setting themselves o_O

    Matthew
     
    Last edited: May 23, 2008
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    A prompt window with action selection appears also in case a file has been infected with a virus or when detected by heuristics.
     
  24. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    Another victim of the Adobe False Positives, got it fixed, but NOD32 deleted my mail!

    This is just the beginning of my nightmare...

    Adobe false positives? No big deal...


    My computer would lock about a minute after login onto XP. I tried and tried and tried to fool around with NOD32 for hours, and nothing would work before the next lock-up. I figured my computer was infected and it was a matter of time before my whole disc would be shot.

    I took the following steps to fix my Adobe problems 2 days ago:

    • I did a Safemode restart.
    • I used system restore to get my system to the night before the bad V3 update.
    • Uninstalled NOD32 V3.
    • Logged back onto XP to make sure I did not lock up again. It worked.
    • Re-installed NOD32 V2.7.

    All is good up to this point, right?

    So I start checking my email on Thuderbird and while I am doing that I launch a NOD32 V2.7 In-Depth Scan of my C:\ to make sure that NOD32 is not going to mess up something or find a real virus, etc.

    As I am looking through my email folders and such, I notice that for no reason, ALL of my inbox message have disappeared! Months worth of important emails, some which I still need to reply to GONE!

    As I freak out trying to find an answer to this sudden loss I look at the NOD32 log and notice that at the same time I found my emails gone NOD32 had attempted to scan my INBOX DATA FILE while Thunderbird was accessing it...

    Somehow this conflict as reported by NOD32 (C:\Documents and Settings\Bis\Application Data\Thunderbird\Profiles\gk9bjamf.default\Mail\mail.djbis.com\Inbox.msf - error opening [4]) caused for all the emails in that INBOX data file to disappear and now I am trying to figure out how to get my data back!!!

    My emails are gone. I tried to look in NOD32's quarantine, and followed Thunderbirds Knowledge base to attempt recovery of data, nothing has worked.

    Please enlighten me... Why did NOD32 do this?


    See details here, I need YOUR help!



    Thank you.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    Re: Another victim of the Adobe False Positives, got it fixed, but NOD32 deleted my mail!

    "Inbox.msf - error opening [4]" means that NOD32 didn't touch the file at all. What's more, msf files have never been scanned by NOD32 so I wouldn't blame NOD32 for losing the file.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.