NOD32 crashes server when Retrospect backup runs

I have a NAS running Windows 2003 Appliance Edition that I just installed NOD32 on.

I have never had problems with this server

I have a retrospect backup server on my network which does nightly backups on this server.

When I came in this morning it had recovered from a serious crash related to a driver issue?

The backups ran at the exact time of this issue.

I read an older thread with people have this same issue, something to do with a setup.log that gets scanned over and over again and relates to drivers

I need to know how to fix this, I use and reccomend NOD32 but this would be a show stopper if I can't run my backups on servers that run NOD32

Please advise

 

Re: NOD32 crashes server when Retospect backup runs

Hello,

Have you tried excluding the directories containing the EMC Retrospect files from being scanned? If so, did this make any difference?

Regards,

Aryeh Goretsky

 

Re: NOD32 crashes server when Retospect backup runs

I will try this tonight and post back in the morning

 

Re: NOD32 crashes server when Retospect backup runs

Before NOD32 I was using another AV and didn't have any problems with Retrospect. After removing the other AV and installing NOD32 I noticed svchost.exe using all resources. The system only became responsive after terminating svchost.exe. The error is recorded in the application event log:

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 24-9-2006
Time: 20:25:11
User: N/A
Computer: XXXXX
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 55 45 43 58 4d 4c 43 BUECXMLC
0008: 33 35 33 32 00 00 00 00 3532....
0010: 42 55 45 43 58 4d 4c 43 BUECXMLC
0018: 33 34 39 34 00 00 00 00 3494....

Event Type: Error
Event Source: Retrospect
Event Category: None
Event ID: 1
Date: 24-9-2006
Time: 20:25:11
User: XXXXX\Backup Administrator
Computer: XXXXX
Description:
Can't use Open File Backup option for Local Disk (C, error -1017 (insufficient permissions)

The problem isn't with permissions, because the backup user has administrative permissions and the problem only occurs with NOD32.

Currently I don't have time to troubleshoot this issue (disable open file backup or exclusions and report it to NOD32 and EMC) so I replaced NOD32 with another AV that doesn't have issues with Retrospect.

 

Re: NOD32 crashes server when Retospect backup runs

Perhaps AMON is set to scan all files whereas the other AV wasn't?

 

Re: NOD32 crashes server when Retospect backup runs

IIRC AMON was configured according to BlackSpear's settings and the default is to scan all files. I'm going to switch AV again very soon. The problem can be reproduced very easy so I can use a default NOD32 installation and see what happens under different settings. If it works I'll stick with NOD32

 

Re: NOD32 crashes server when Retospect backup runs

Re-installed NOD32 and the issue with Retrospect could be reproduced. In AMON I disabled the option "Scan all files" and after one day of testing I couldn't reproduce the issue.

So it seems that NOD32 has issues with Retrospect and Open File backup (VSS) when the option "Scan all files" in AMON is enabled and the option "Back up open files" is enabled in Retrospect. FYI: I did not test disabling "Back up open files" with "Scan all files" enabled.

I'll continue testing Retrospect with "Scan all files" disabled and report back to this topic if there are any new issues.

 

Re: NOD32 crashes server when Retospect backup runs

This sounds right.

The default configuration provided by ESET is set for a very high level of detection and compatibility whereas Blackspears settings are tuned for maximum detection and automation.
After you untick 'Scan all files' the default list of extensions to be scanned already includes all known types of executable extensions.

In case you wish to read more there is a list of Microsoft documents here that discuss implementing anti-virus in a server environment.

Cheers

 

Re: NOD32 crashes server when Retospect backup runs

My concern was that this list wasn't updated. Every year you some new extensions that can carry malware like e.g. skins, jpg or pdf. According to AMON help "The set of file extensions to be scanned is constantly being updated and you are provided with regular updates as needed."

Thanks for the pointer, but I'm using Retrospect on Windows XP I recently purchased Retrospect because I couldn't find any other backup software that meets my requirements.