NOD32 v4 Network Problems?

Hi all just want some ideas on a problem i have just installed nod32 v4 to all computers at my site and am now having issues with computers (windows xp sp3) slow browsing i.e i use dfs on a windows 2003 sp2 server (its a domain controler) to redirect user home folders to a nas (dell windows storage server) all was working great but now we seem to have these "slow downs" any ideas i think i have set up all exclusions, anyone have a list that works for them of exclusions (work stations, servers etc)

thanks

stevef1

 

There are some known issues with AV products and DFS (and/or) FRS.

http://support.microsoft.com/kb/284947
http://support.microsoft.com/kb/822158

Might be worth trying the ideas in the above articles.

 

Thanks for that but still have the same issue, think i might just look for an alternative to NOD32....any ideas or should i try to down geade to 2.7??


stevef1

 

Try the following setting below for your slow network access times.

http://img529.imageshack.us/my.php?image=networkscan.png

 

Thanks mate, done that as well as including exclusions for : \\domainname\sysvol\domainname, \\domain\dfsroot, any redirected folders, anything in the windows folder (just in case)
i just dont know what next, tried the following today.
ran netsh winsock reset (in case of problems with winsock
uninstall nod32
and the test computers worked great, reinstalled nod32 and everything slowed......grrrrrr

stevef

 

Here are my exceptions I have on all my Servers, and clients.. I'll leave out work related exceptions..

C:\Documents and Settings\All Users\ntuser.pol
C:\Windows\ntds\*.*
C:\windows\ntfrs\*.*
C:\windows\security\database\*.*
C:\Windows\Security\database\ebd.chk
C:\Windows\Security\database\edbres00001.jrs
C:\Windows\Security\database\edbres00002.jrs
C:\Windows\security\database\secedit.sdb
C:\Windows\SoftwareDistribution\*.*
C:\windows\System32\GroupPolicy\*.*
C:\windows\system32\GroupPolicy\registry.pol
C:\Windows\system32\Netware\*.*
C:\windows\system32\novell\*.*
C:\windows\sysvol\domain\policies\*.*
C:\windows\sysvol\domain\scripts\*.*
C:\windows\sysvol\staging areas\*.*
C:\windows\sysvol\sysvol\*.*
C:\program files\Cisco Systems\*.*


I know doing a *.* at the end exludes all, and I've added duplicate entries but I wanted to be 100% so I drilled down to the file even after having a whole folder exluded that it's in..

 

will redo the exclusions and try them again in the morning, i redirect our users "my documents" folders (via dfs) to shares on servers, any pointers on this? at the moment i have NOD32 not scanning these folders on the server (full scan done every day)

Do you have the same exclusions on your domain controllers?

thanks

stevef

 

Make sure you exclude the redirected folders by UNC path, not drive letter.

 

Yes I just have a global exclusion list that I apply to both the Client, and Servers.. Best practice, and neatness would probably be to have a separate xml for each but I just have one master list.

 

Yeah i have a workstation and server config so i can send config changes to workstations only, we block USB ports now using NOD32 but dont need that on the servers, will let you know how it pans out, thanks for the help so far

stevef

 

Well it just gets better and better......i created a clean config with just the exclusions in it from bradtech (i had most in my config) and rebooted a couple of pc's, fast boot restored up to log on nice and fast (thanks bradtech) so i started to add some unc file paths in the form \\server\share and rebooted and got slow startup times !!! took out the unc paths all back to normal........hmmmmmmm and i wana buy this software so it looks like (for my network) that nod32 dont like unc paths, i checked the permissions on the shares and all is ok btw.
Geting some eset services hanging on boot on a couple of computers takes about 2 mins and the services start, will look in to that tomorrow

stevef

 

Steve... I'd be very interested in how you are doing this with NOD32?

I haven't updated to v4 yet (still on v2.7) - is this something new to v4?

Thanks!

 

Hi tanstaafl, were doing ok (kinda) thanks to the help from this group (bradtech has been great, thanks mate) we have had some issues that we seem to be geting sorted, we had slow network access, i used the sugested exclusions from bradtech and left out any unc paths to servers and now seem to have normal network access hmmm!!

the only problem now is that nod32 seems to hang for a short while on some computers at startup, i just downloaded the latest version and tested it on some xp clients with sucess today computers seem to start up ok with no hangs at startup time

stevef

 

Hi Steve,

Glad things are looking better with this version...

But, I was specifically asking - and would still like to know, how you were able to block USB access with NOD32?

Thanks!

Charles

 

Thats odd, because I have seen more than once a specific recommendation to USE UNC paths over drive letters...

I hope an ESET rep will comment on this question...

One thing I made note of while reading all of the threads of those with big problems: if/when you do a clean install, you should reboot TWICE BEFORE doing the new install - ie, reboot once after doing the removal, and then after it is fully booted up, reboot AGAIN - something about fully clearing out the PNP drivers from memory (maybe they are cached somewhere)... you might try that on the problem machines...

 

USB ports: if you go to advanced setup in antivirus and software you see an option to block removable media as far as i can tell this effectivly blocks all the usb ports on the computer (it works for me at the moment) if we enable this (tick the box) no one seems to have access to usb devices (pens etc) you can add exceptions such as D drive etc.

stevef

 

Yes, this feature is available in v4 of NOD32 and ESS.

 

yup thats the one, using the remote install console i'm going to block usb ports every 20 to 30 days or so and force laptop users to bring laptop and usb pens to have them cleaned, more work for ict support but worth it until the users get the idea of checking usb pens etc.

stevef

 

Thanks Waterfox... I'll definitely check it out...

It would be really nice if only USB STORAGE devices could be blocked, but other devices (like keyboards, mice and printers) could be allowed.

I'd also like the ability to allow certain workstations the ability to have read-only access to USB drives...

I'll be interested to see what is allowed with the 'Exceptions'... maybe I'll have time to d/l and install v4 tomorrow...

 

Ping...

ESET? Marcos? Someone?

UNC paths or not in exclusions?

And why would their use cause the slow-down problems stevef1 was having?

Inquiring minds want to know...