NOD32 v2.7 Server 2003: Random hang

Discussion in 'NOD32 version 2 Forum' started by nordeide, Jul 24, 2008.

Thread Status:
Not open for further replies.
  1. nordeide

    nordeide Registered Member

    Joined:
    Jul 24, 2008
    Posts:
    11
    Location:
    Bergen, Norway
    Hi y'all,

    I have installed NOD32 v2.7 on a server running Windows Small Business Server 2003.
    From time to time, which means anything from after 10 minutes to after several hours, the server freezes for about a minute. After that, all is fine until the next occurrance.

    During that time, everything except the mouse pointer is stuck, meaning that some process takes 100% CPU capacity, Task Manager is not updated during that period. As a result, network traffic is halted, and users cannot access files.

    I found out that disabling AMON solved the freeze problem, but that is of course a bad solution.

    Any suggestions on how to optimize AMON and find out which file(s) that cause this hang?

    Thanks! :)
     
  2. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    Is AMON scanning all files or just the default file set? If all, see if it's one of the other extensions that AMON might be hanging on by just scanning the default.

    Thank you,
    BFG
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Try excluding *.log files from AMON scanning. NOD32 is poor at scanning log files which are updated regularly, as they are in SBS, especially during the hourly SBS monitoring tasks.
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Have you followed these exclusions?
    http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137

    "Listed below are the items and their default locations - your installation may be different.

    Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (see note above)
    Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
    Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
    Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
    Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
    Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata
    C:\Program Files\Exchsrvr\Conndata

    IIS related Exclusions
    IIS System Files = C:\WINDOWS\system32\inetsrv
    IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

    Domain Controller related exclusions
    Active Directory database files = C:\WINDOWS\NTDS
    SYSVOL C:\WINDOWS\SYSVOL
    NTFRS Database Files = C:\WINDOWS\ntfrs

    Windows SharePoint Services
    Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

    Additional Exclusions
    Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
    SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
    SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
    Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
    DHCP Database Store = C:\WINDOWS\system32\dhcp
    WINS Database Store = C:\WINDOWS\system32\wins


    Desktop Folder Exclusions
    These folders need to be excluded in the desktops and notebooks clients.

    Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore"
     
  5. nordeide

    nordeide Registered Member

    Joined:
    Jul 24, 2008
    Posts:
    11
    Location:
    Bergen, Norway
    Thanks for your replies!

    I start with excluding the Exchange files, and then I'll check if that's OK. If not, I'll try excluding the other areas as suggested. I think Exchange exclusions might be the answer, as that is the only significant application on the server.
    :D
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It would be prudent to follow all of them...they are important to keep the AV scanning engine out of. DHCP database corruption is common if it isn't excluded.
    I also uncheck "Scan all files" in the file extension section
    And in XMON..I uncheck background scanning.

    Not having Exchange exclusions is without question VERY bad. No "think it might be the answer" about it. But the other ones are quite important also.
     
  7. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I've found that Nod32 does not run well on W2003 since SP2. I've found that the reliable method is to disable AMON on any W2003 SP2 server.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's a good idea to set AMON to scan files with default extension set. Also make sure that IMON is not loaded which is indicated by the grey IMON icon.
     
  9. nordeide

    nordeide Registered Member

    Joined:
    Jul 24, 2008
    Posts:
    11
    Location:
    Bergen, Norway
    Hi again!

    In this particular case, excluding the Exchange directories did the trick; the server responds normally now. But thanks for the list of exclusion recommendations, I'll apply them as well.

    Thanks, everyone! :thumb:
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I have many..many Server2003 boxes out there at various clients, no issues with NOD32 2.7. As long as you follow proper real time protection exclusions for your server (which holds true regardless of what brand AV you use on it). As well as turn down AMON to not scan all files.
     
Thread Status:
Not open for further replies.