NOD32 causes Servers to freeze, eating up CPU resources

Discussion in 'ESET NOD32 Antivirus' started by matojo2006, Apr 29, 2009.

Thread Status:
Not open for further replies.
  1. matojo2006

    matojo2006 Registered Member

    Joined:
    Apr 29, 2009
    Posts:
    4
    I came here for a solution to various frustrating problems I am experiencing with NOD32. I manage several websites and servers where I use(d) NOD32 and SmartSecurity 4.

    I have several Windows 2003 servers where I host our business websites. Initially, I installed NOD32 tral version. Everything went fine until I reached close to the expiration of trial. Then it started using 100% CPU all the time. After trying all kinds of tweaking, I uninstalled the trail version.

    Thinking that the expired trial version may be causing the problem, I went ahead and bought the NOD32 Antivirus licensed version. It occassionally created the 100% CPU problems.

    Finally I decided to "upgrade" to Smart Security 4. The experience was horrible. Out of 3 servers, I was kicked out of 2 servers (I was using Remote desktop) after installing SmartSecurity. To get access back to the server, I had to wait several hours until someone walk in to the remote data center, login and disable the SmartSecurity. And to my surpise, the IIS also was shutdown during this time, causing all my websites to go down for several hours.

    I learnt that I have to allow explicite permission on SmartSecurity to use remote desktop. I configured it according to instructions. And it worked great for 2 days and then it kicked me out of the server again with no remote login access again. Again the same story - someone had to go to remote data center and enable remote desktop connections in SmartSecurity.

    After few weeks, I was tired and decided to get rid of SmartSecurity. I went back to NOD32.

    Simple NOD32 works smooth most of the time, with many exeptions.

    We have a watch dog service which monitor the websites and restart application pools or IIS when the critical sites becomes non responsive. Last 4 weeks, these monitoring services started going wild, causing all websites to be restarted every few minutes or hours. After several days of investigation, we found that shutting down NOD32 solves the problem. Further investigation showed that NOD32 is going wild sometimes and is eating up all CPU and causes the sites to freeze every few hours.

    I disabled the antivirus and realtime protection to see how it goes. Even after disabling the real time protection, I found that there are still some activity going on. Our monitoring services call some websites and webservices to check the health. The NOD32 Protection Status >> Statistics shows that it still scanning those URLs. I could not figure out a way to disable that scan. Is there a way I can disable scaning of selected URLs ?

    At this point, I am completed frustrated about the over CPU utilization of NOD32 at random intervals. It could be my mistake that I am not making proper exceptions for scanning, but can't NOD32 provide me some status report on what is causing the problem ?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Have you properly set up the recommended exclusions?
     
  3. matojo2006

    matojo2006 Registered Member

    Joined:
    Apr 29, 2009
    Posts:
    4
    What is recommended exclusions ? I have excluded the log files & databases files, nothing else.
     
  4. PRJUS

    PRJUS Registered Member

    Joined:
    Sep 13, 2007
    Posts:
    95
    Location:
    Denmark
    To me running ESET NOD32 4.0 on a production system is like upgrading to a new version of Windows before the first servicepack is released. I wouldn't do it yet!

    In order to catch viruses antivirus systems (NOD32 or whatever antivirus system one would use) has to integrate quite deeply into the operating system and I have seen it so many times now: New code causes performance and stability problems that are hard to track down because of the many different configurations out there.

    My recommendation would be to go with NOD32 3.0.684 for the time being which I have running at several customers on various servers without any problems.
     
  5. bradtech

    bradtech Guest

    I agree however for someone getting fresh into the ball game it's nice to go with the new thing out during the initial push. On Servers I don't think 4.0 was a good idea, on workstations though it seems to be doing adequate for me with some minor problems.
     
  6. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Still using 2.7 on servers and will continue for a while.
    v3 for clients and testing v4 on standalone machines.
     
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    High-volume web servers can have problems with the HTTP module eating up CPU cycles for scanning and you may be better off disabling that portion of the product.
     
  8. bradtech

    bradtech Guest

    Do you happen to run 2008 Server 64bit? Or just 2k3, and 2k?
     
  9. matojo2006

    matojo2006 Registered Member

    Joined:
    Apr 29, 2009
    Posts:
    4
    We are using Windows 2003 Servers. I do not want to upgrade to the 64 bit servers in the near future.

    Now I have disabled the http modules, excluded the extensions .txt, .log, .jpg, .gif etc and it seem to be pretty stable with that settings now.
     
  10. matojo2006

    matojo2006 Registered Member

    Joined:
    Apr 29, 2009
    Posts:
    4
    Will the NOD32 4.0 license key work for 3.0 versions ? I am thinking about switching to 3.0 now based on the above feedbacks.
     
  11. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    All Win 2k3 32 bit and no SBS servers.
     
  12. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Your username/password will work with any version.
     
Thread Status:
Not open for further replies.