NOD32 AV Server Problems

Hi,

We have recently moved some clients over from AVG for server and client protection.

This has been done with the server console with a HTTP server configured for updates.

All clients seem fine, but we are having problems with various servers crashing periodically (once or twice a week, during the day) to the extent that they need a complete "Power button" reset.

I wondered whether or not anybody else has experienced this? We have tried adding the exclusions normally expected on a server but this seems to make no difference. All servers are quite well spec'd with at least 4GB RAM and the biggest one provides to 15 users.

Thanks for any ideas.

Simon

 

Please check you private messages, I've dropped you one.

 

We are experiencing a similar issue with our SBS 2008 server, it has hung twice in the last 24 hours with no real reasons in the event logs, the hardware is running OK but no response at all to the network or keyboard only a power off works.

Any Ideas, does MS KB961775 apply here? does NOD use TDI?

Thanks

 

Make sure you have applied the necessary exceptions . Additionally , you could use v3.0.684 (the latest v3 build)

Check this out : http://kb.eset.com/esetkb/index?page=content&id=SOLN727&actp=LIST_POPULAR

Yes , a driver at the TDI level . It is used to scan the web/email traffic , as far as I know .

 

Niloc,

We had to remove V4 from the servers temporarily as it was causing embarrasing problems. I have re-installed one with the latest V3 version last night... will report back when I know more.

Thanks,

Simon

 

Is there any real diff between v4 or 3 - this is quite silly: v4 doesn't work, so use v.3. GET THE DAMN THING TO WORK.

 

V4.0 introduces 2 new drivers for those operating system types, and a different way of doing things than 3.0 did, thats all I know.

ehdrv.sys
epfwwfpr.sys

Eset should get with microsoft on this and figure out what the problem is and fix it, can't be that hard.Either microsoft will deploy a service pack for them to get around this issue, or the microsoft developers will identify the issue for eset and tell them what they need to change to fix it....real simple

 

Thing is about these deadlocks that happen on 2k8/vista is that they produce no kind of dump file for anyone to send into ESET.. I truly believe that it is in conjunction with a heavy used server... Our File Server is heavily used, and after going from V3 to V4 it hung/dead locked.. Had to cold boot... You could hit Ctrl-Alt-Del etc.. People want to contribute this to me having bad exlcusions etc but that is a bogus claim in my instance where I have all the needed things exluded per microsoft, and ESET both WITH added extras..

Never the less, 2K8 and 3.0.684 run solid, and I even went back to 2.7 because honestly it was the bread and butter when it came to stability.. My servers do not need the extra Web Protection benefits.. If I could plead one thing to ESET it would be to return to Version 2.7, and build off it.. I know it may be a slap in a face to the new development team but I think if you did a poll online a lot of ESET users would agree that 2.5/2.7 were really shining gems we fell in love with..

 

were these exclusions necessary in 3.0.684 on server 2K8 ? do you notice any trends like how much up time the server has, how many users are connected and how many files are open around the time this event occurs ? who monitors your servers ? do you see what process is using the most CPU around the time this happens ? you can manually generate a memory dump, if you can simulate this problem and then catch it at the right time, but I doubt that will help anything, the new drivers they switched to are clearly unstable on these OS types.So, why doesn't someone pick up the phone and get this out of the way, alot of people seem ~Snip~, I don't blame them.Eset is losing business as well, and when the economy is threatened, isn't that the last thing a company wants ?

 

Try to change the minimum verbosity of NOD32's own event log to diagnostic records, if you have not allready done so, and check there for complaints or weird things from within NOD32 itself.I don't think windows monitors NOD32 in the event log, it has to be configured to do so by the setup program, and I do not believe it is, and NOD32 does not report to the event system, unless they changed that in V 4.0. I'm fairly certain if your savy enough with windows and know the registry well, that you can set up NOD32 to be monitored by the event log and get reports of time outs or other instabilities.

I remember seeing this in the windows registry and what programs are monitored and the parameters set and the possiblility to manually add one, but I can't remember where, I'm looking for it now.

 

This is where you want to look to see whats monitored and what is not and to mabe add another:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]

 

I'm going to mabe try an get this to work and fiddle with it tonight for NOD32 programs I put in the application section of the log and NOD32 drivers in the system log section and simulate some errors and hang-ups and see if windows generates a message about it, will report back if it works or not.

 

Just though of something else that might help identify the problem, configuring performance logs and alerts on those servers?

 

Am having similar problems with my NOD32 4.0 admin server. OS is W2K08 sp2 x64. Server also running MS WSUS 3.0 sp1.

This admin server started hanging two days ago as more clients were migrated to it. Total clients right now is about 300 - mostly still v2.7 - maybe 30 v4.0 clients.

When server hangs, it is still ping-able but otherwise hung. Have to reset power to get it back. At one point yesterday, it took 3 or 4 consecutive reboots to get it to stay up. After that it ran from about 10AM yesterday to about 9:30AM this morning. Had to power-cycle to get it back.

And as I write this, it has hung up again.

Help ESET!!!!

 

Just had to power-cycle the admin server again.

 

I have also seen this exact same issue on two different servers. You can ping the server, but you can't access anything on it. When you check the console, the mouse moves but the server is basically hung. The issue seems to happen when a file server is being heavily used.

 

I guess in my case, with the NOD32 admin server being hit by 300+ clients for AV definitions, and WSUS updates, it could be considered a heavily used "file" server. It has stayed up since the reboot Saturday afternoon.

 

Same here on a few different servers.
Now we downgraded to v2 and all seem to work fine.

 

The thing is this, those servers are production.. I tested Version 4 on Clients with no problems aside from some slow down complaints from end users.. I tested V4 on Windows 2008 Servers before finding it safe to use.. I ran it for months during beta, and during the first 4.0 release on Global Catalog servers for a long time, and never had a problem. I am an early adopter because I find it necessary for end users to report the problems back to the vendor.

Our setup on these servers were 2008 Server SP1 using Microsoft Clustering Service for File Services.. The server would deadlock, not fail over, and we would have to cold boot it.. Then it would release, and go to the next server which would deadlock in 5 minutes. This was the first time I ran into a 4.0 problem.. I cannot put 4.0 on those servers to test because it is production. The best I could do is setup a lab environment and try to reproduce it but I honestly have no time to do that but wish I could.. If I were working for ESET as a reseller I would have a VMware setup and find these problems to report.

I also seen twice the same activity occur on my own Windows Vista machine one time out of the blue, and on a friends.. Amazingly it never did it again.. I don't know what triggers this deadlock state in V4.. It is hit and miss.. I still have it running on 2k8 GCs across the state, and it NEVER has happened on any of those.. Just our File Server on 2k8 with clustered file services.. I have went back to build 3.0.672 on it with no problems. I support many flavors of 4.0 on my 2000 and XP machines with no problems like this. Something specific to Vista/2k8.. I have ESET exlusion recommendations printed out, Microsofts, and then some..