NOD32 Enterprise Mirror not updating

Discussion in 'NOD32 version 2 Forum' started by RushB, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. RushB

    RushB Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    10
    Ok, my NOD32 Enterprise is not updating. All computers in the district are set to update from it, it updates from ESET. Everything is still 2.50.25 and we are having a ton of NT Authority shutdowns due to NOD32 - what can I do to make it update and send it out?

    Thanks,
    RushB
     
  2. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Even though newer versions are listed on the website, 2.50.25 is OK for the NOD32 version. The changes in the newer versions have been minor enough that an automatic update from 2.50.25 is not warranted. Things like language support, etc.

    Which virus signature database do you have on your server (both running and mirror) and clients? 1.1683? 1.6777? Something else?

    NT Authority shutdowns? On which computers? The server? The mirror? The clients? Are you running IMON on the server? Is the mirror set up as a Windows shared folder, or do the clients update via HTTP on port 8081?

    If they do update via port 8081, are there any other HTTP services running on the server? For example, Windows Sharepoint uses port 8081 by default, so this can cause a conflict. If this is the case, try setting NOD32 to use a different port, and see if that works any better.
     
  3. RushB

    RushB Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    10
    Anyone on Active Directory is getting hit - IMON is running, nothing else on port 8081. Not worried about the updates, just wondering why I haven't gotten to them. Av is showing 1.1683

    Thanks,
    RushB
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Hmmm, 1.1683 is the current signature version, so that part sounds up to date.

    Do you mean that IMON is running on the server? That may be a problem. Because of the way that IMON inserts itself into the Winsock stack, it can interfere with the normal functioning of network services and lead to all sorts of weird problems. In fact, Eset recommends that you not run IMON on servers for this reason, and instead depend on AMON alone to protect your server.

    On your server, go to IMON --> Quit (unload IMON), then reboot (when you get a chance, of course). This will prevent IMON from running on the server. See if that helps.

    Some very lightly loaded servers can get away with running IMON, but again, it is not recommended for stability reasons.

    You should continue to run IMON on your regular client computers.
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    How are your clients configured to get their updates? Two specific things I'd like to ask here....
    1) Are they updating via UNC? For example...\\servername\mirror ? In which case..you have domain accounts and permissions to deal with.
    or..the preferred method....
    2) Are they updating via http? In which case, they get their updates from http:\\servername or server ip address\:8081 Also you don't need client credentials to update from http.

    Most people here prefer having their setups get their updates via http.
    By default, it will want to use port 8081. However some setups are already using that port on the server, such as if you're running Sharepoint...(Small Business Server 2003 users pay attention).

    Also by default...the config utility will spit out a pre-configured XML file which points clients to the server's NetBIOS name for their updates...I prefer to flip that over to IP. So...for example, clients will update from http://192.168.10.10:8081 instead of http://server1:8081. It's less load on your network..less load on your DNS services. IP always works. Many networks don't have DNS set up properly..but even if so..why put additional load on your DNS servers.
     
  6. RushB

    RushB Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    10
    Everyone updates via http from the main server. I do have a login setup, they are hitting the ip address at 8081 - AV signatures are up to date, but not the engine - still showing 2.50.25 on the engine - that's the part I am wondering about. I'm wondering if the LSASS errors would stop if the engine was up to date:

    Error caused by NOD32 Antivirus System: no specific solution available

    Thank you for submitting an error report.

    Problem description

    An analyst at Microsoft has investigated this problem and determined that an unknown error occurred in NOD32 Antivirus System. This software was created by Eset.

    Recommendation

    Microsoft has researched this problem with Eset, and they do not currently have a solution for the problem that you reported. Below is a recommendation to take that may help prevent the problem from recurring.

    Contact Eset for support or product updates.

    Additional information

    If this problem continues to occur with the latest product updates for NOD32 Antivirus System, we recommend you obtain assistance and troubleshooting information directly from Eset.
     
  7. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    The engine still showing up as 2.50.25 is normal. The updates since 2.50.25 have been mainly to fix a problem some people were having with Windows Update, to fix a compatibility problem with some Cisco routers, and to add support for 64-bit Windows. I do not know of any fixes which address an LSASS problem. Overall, these problems have been minor enough that Eset feels an automatic update from 2.50.25 is not necessary.

    https://www.wilderssecurity.com/showthread.php?t=136907&page=2&highlight=2.50.25
    https://www.wilderssecurity.com/showthread.php?t=128499&highlight=2.50.25
    https://www.wilderssecurity.com/showthread.php?t=126658&highlight=2.50.25
    https://www.wilderssecurity.com/showthread.php?t=116208&page=2&highlight=2.50.25

    However, if you want to try for yourself, there is nothing stopping you from installing the current version (2.51.26, I believe) to see if it helps. Many people have updated using the "install over the old software" method without any problems, but you may also consider uninstalling the old version, rebooting, then installing the new. You will use the same username/password for your license key.

    At least by installing the new version, you will find out for sure if the problem is the older version, or if it is something else related to NOD32.
     
  8. RushB

    RushB Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    10
    Ok, I understand what you are saying, but if I have bought and paid for the enterprise version and have 600 pc's licensed, plus all my servers then I should be getting the latest version pushed down to me by ESET. How do they know that one of my pc's is not having a problem with Windows Update - I'm not going to go out and install over 600 pc's to get the update that should be getting pushed down from my server. Does that make sense?

    Later,
    RushB
     
  9. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    How is your RAS box setup..as far as method for program updates? Has it been bounced in a while?
     
  10. RushB

    RushB Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    10
    It's been rebooted - is there a way to force the engine update?

    Thanks,
    RushB
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Since the changes made after 2.50.25 were minor they have not been pushed.
    2.51 introduced the 32/64-bit installer package; the only other changes are as stated by alglove.

    I'm pretty sure there's a simple way to push the component updates yourself.
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    If you create a new install package yourself in the RAC using 2.51.26 and then push it to the client machines it should give you the result you want.
    The /FORCEOLD would have to be used for any package installed over an up to date one. (thanks rumpstah)

    Of course test your package on a couple of client machines first to make sure the result is what you're looking for.

    Cheers :)
     