NOD32 v2 on windows 2003 server SP1

Discussion in 'NOD32 version 2 Forum' started by Niko, Jun 1, 2005.

Thread Status:
Not open for further replies.
  1. Niko

    Niko Registered Member

    Joined:
    Apr 8, 2004
    Posts:
    23
    Location:
    France
    Hello,

    I'm in trouble with NOD32 v2 on a Windows 2003 server.

    After installing NOD32 and rebooting, I'm not able to open a session by CTRL+ALT+DEL and a message from Lsass.exe appear with 60s time decounting before reboot.

    Have you experienced about this problem and have you any solution ?

    Thanks

    Niko
     
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
  3. Niko

    Niko Registered Member

    Joined:
    Apr 8, 2004
    Posts:
    23
    Location:
    France
    It can effectively be due to IMON but I've other server where IMON is active and they didn't have any problem. This one is the first whith SP1. It there a known incompatibility betwen those products ?

    For the moment I have uninstalled NOD.

    Perhaps should I try with version 2.5 bur I'd rather wait for a french version.

    I'll try to reinstall NOD without enabling IMON.

    Niko
     
  4. Niko

    Niko Registered Member

    Joined:
    Apr 8, 2004
    Posts:
    23
    Location:
    France
    Here is system event log !

    Sorry, but it's in french

    Type de l'événement*: Informations
    Source de l'événement*: USER32
    Catégorie de l'événement*: Aucun
    ID de l'événement*: 1074
    Date*: 01/06/2005
    Heure*: 13:39:22
    Utilisateur*: AUTORITE NT\SYSTEM
    Ordinateur*: CGM-08
    Description*:
    Le processus winlogon.exe a lancé le Redémarrer de l'ordinateur CGM-08 pour l'utilisateur pour la raison suivante*: Aucun titre à cette raison n'a pu être trouvé
    . Code*: 0x50006
    . Type d'extinction*: Redémarrer
    . Commentaire*: Le processus système 'C:\WINDOWS\system32\lsass.exe' s'est terminé de manière inattendue avec le code d'état -1073741819. Le système va maintenant s'arrêter et redémarrer..

    Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp.
    Données*:
    0000: 06 00 05 00 43 00 3a 00 ....C.:.
    0008: 5c 00 57 00 49 00 4e 00 \.W.I.N.
    0010: 44 00 4f 00 57 00 53 00 D.O.W.S.
    0018: 5c 00 73 00 79 00 73 00 \.s.y.s.
    0020: 74 00 65 00 6d 00 33 00 t.e.m.3.
    0028: 32 00 5c 00 4c 00 6f 00 2.\.L.o.
    0030: 67 00 46 00 69 00 6c 00 g.F.i.l.
    0038: 65 00 73 00 5c 00 53 00 e.s.\.S.
    0040: 68 00 75 00 74 00 44 00 h.u.t.D.
    0048: 6f 00 77 00 6e 00 5c 00 o.w.n.\.
    0050: 53 00 68 00 75 00 74 00 S.h.u.t.
    0058: 44 00 6f 00 77 00 6e 00 D.o.w.n.
    0060: 5f 00 32 00 30 00 30 00 _.2.0.0.
    0068: 35 00 30 00 36 00 30 00 5.0.6.0.
    0070: 31 00 31 00 33 00 33 00 1.1.3.3.
    0078: 39 00 31 00 39 00 2e 00 9.1.9...
    0080: 78 00 6d 00 6c 00 00 00 x.m.l...
     
  5. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Hello Niko,

    Re-install Nod32 without enabling IMON

    Et ne soit pas désolé pour le français :D

    Regards
     
  6. Niko

    Niko Registered Member

    Joined:
    Apr 8, 2004
    Posts:
    23
    Location:
    France
    Why should I disable IMON ? It looks like an important part of the security.

    Is there a way to keep it active without having those kind of problems ?

    Effectivement, mon anglais est déjà bien assez désolant ;)

    Niko
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    IMON is to protect you while accessing the internet - do you surf the web using your server - if you do, IMON protection is required, but you will have problems. Both my 2k3 machines have imon turned off, and there are no NOD32 issues with their servers - ms/sql - yes, NOD32... no!

    regards

    Greg
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Did you read the warning that appears during the installation of IMON on servers carefully?

    Note to server administrators:
    Eset recommends leaving the IMON module off when NOD32 is installed on servers. Conflicts have occasionally been reported between IMON and certain server applications, including Microsoft SQL Server, Veritas Backup Exec, and AutoDesk License Manager. Since IMON scans incoming POP3 mail, and HTTP traffic, unless someone is using the server as a workstation, these are not normally critical vectors to monitor -- especially considering that AMON is still scanning files read or written to the system. For this reason, the current version of the installer will not install IMON by default on server-class operating systems.

    If you encounter problems after enabling IMON, try excluding the affected applications from the IMON setup. To unload IMON completely, quit the IMON module from within the NOD32 Control Center. (A reboot is necessary for this to take effect)
     
  9. beng

    beng Registered Member

    Joined:
    Jun 6, 2004
    Posts:
    38
    Location:
    Melbourne/Australia
    Traditionally speaking Windows Servers are not used for surfing, however Terminal Services is another matter.
    Generally, I disable IMON on install, reboot, update etc and then Ghost the server.
    I then enable IMON in full compatibility mode and see how it goes, increasing the funtionallity etc until something breaks.
    If it breaks really badly, then I use my ghost and start over.

    In most cases a combination of excluding the process, and/or compatibility mode will fix most situations and still provide the high level of protection required for users.

    Since Terminal servers normally don't run any other "server applications", like SQL, Exchange, MDaemon etc it's not normally a big issue.

    Regards,
    Ben.
     
  10. Devlin7

    Devlin7 Guest

    Hi, I received the following advice from the NZ distributor

    If the server you place NOD32 on is not used to browse the Web or used to pull down pop3 traffic NOD32 recommend that you stop the IMON service from running. This can be done in the NOD32 control centre in the IMON module. Click the "Quit" button to unload the IMON scanner.

    What may also help performance if you want IMON enabled on your DC's is be to exclude the lsass.exe on the DC's. . .
     
Thread Status:
Not open for further replies.