NOD32 on windows SBS 2008 Freeze

Discussion in 'ESET NOD32 Antivirus' started by kocak_gober, Feb 28, 2011.

Thread Status:
Not open for further replies.
  1. kocak_gober

    kocak_gober Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    35
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Do they have the latest version of EAV 4.2.71 installed? If so, the best would be if they could generate a complete memory dump when the system freezes which might reveal a potential interference with another driver or software that is installed and convey it to ESET for perusal. In the mean time, they could try configuring real-time protection to scan only files with default extensions potentially carrying malware instead of all files (set by default).
     
  3. kocak_gober

    kocak_gober Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    35
    yes they have the latest eavbe 4.2.71.
    should we ask for kernel dump or just small memory dum . i try kernel dump on my pc the file size is so big. 240MB

    thanks marcos.
     
    Last edited: Feb 28, 2011
  4. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    I think latest version is 4.7.2 instead of 4.7.1Wrong posted
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I meant a complete memory dump, it's size should be approx. equal to the size of installed RAM.
     
  6. Raytoo

    Raytoo Guest

    We have similar issues that seems related to v4 on SBS 2008.

    We followed the guidelines regarding exclusions (Microsoft) and the server configuration recommendations as linked earlier in this thread, but note that the system would also freeze with all modules disabled in v4. We are currently not running any antivirus software on the server.(I will revise this post within a week if the instability issues return.)


    Unfortunately, I could not get more time on troubleshooting this server when it froze (planned on triggering a memory dump). We do have six bugcheck errors recorded (STOP 0x0000001E) in the system event log (EventID: 1001, Source: BugCheck), six minidumps and a complete memory dump.


    KB page on triggering a memory dump:
    http://support.microsoft.com/kb/969028/en-us

    KB page on antivirus exclusions:
    http://support.microsoft.com/kb/822158
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Does running "driverquery /v | find "epfwwfpr" /i" yield any results? It shouldn't if you actually renamed the ESET WFP driver to work around the bug in Windows WFP.
     
  8. Raytoo

    Raytoo Guest

    No epfwwfpr listed.

    Edit: Nevermind. You were talking about an SBS 2008 currently running v4. I mentioned we uninstalled it and won't be testing it at the moment.
     
    Last edited by a moderator: Mar 1, 2011
  9. kocak_gober

    kocak_gober Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    35
    solved. they decide reinstall the server. until now nod32 running well.

    Thank you.
     
  10. Raytoo

    Raytoo Guest

    The server has been running without lockups since the uninstall of 4.2.71.2 (released January 25, 2011).


    We will install it again and disable the epfwwfpr driver until Microsoft releases a fix for WFP.
     
Thread Status:
Not open for further replies.