nod32 v4 nonpaged kernel memory leak

Discussion in 'ESET NOD32 Antivirus' started by GreatWizard, May 24, 2009.

Thread Status:
Not open for further replies.
  1. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    I have notice a very severe nonpaged kernel memory leak in netio.sys when nod32 v4 is installed on my vista sp2 machine. I believe it also occurred when sp1 was installed, I just didn't bother investigating.

    I discovered that by using the windows built in driver verifier. After a day of working and some large downloads, the nonpaged kernel memory pool reaches hundreds of MBs in size when nod32 is installed. From the verifier I seen that the memory is reserved by netio.sys. And since Nod is the only net monitor software I have installed, I guessed that it's probably the cultpit. After uninstalling and reinstalling twice I can confirm that it only occurs when it is installed. I have noticed similar behaviour on my vista sp2 laptop.

    Has anyone noticed something like that?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    It's been very rare, but although I have not personally experienced it, I have witnessed it before on these forums in screenshots, without an explanation, so it's a possibility.
     
  3. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    What would a suggested solution be?

    I tried finding a way to submit a bug report on eset's site, but didn't find anything of that sort.
     
  4. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    I didn't expect an explanation, but I would very much recommend someone informs ESET about this bug. This is a very major stability bug, and about half the stability complaints on this page could be related to this.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    does disabling HTTP/POP3 filtering make a difference? What hardware do you use? (amount of RAM, CPU, platform - x86/x86-64) What edition / version of Vista is it? (e.g. Ultimate, 64-bit)
     
  6. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    I don't use Pop3, only web based mail.

    I have core2Duo 6600, 3GB RAM, vista 32bit SP2

    I didn't try disabling HTTP filtering. I'll reinstall it and try it out.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    What brand and model of network interface card are you using, and which version of drivers for it?

    Regards,

    Aryeh Goretsky
     
  8. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    I have an Asus p5k Board, and I tried using the drivers from the asus page and the drivers from windows update. Changing between them has no effect.

    (the NIC is Atheros L1 Gigabit controller)

    Turning off both pop3 filtering and http filtering from the advanced options interface had no effect on the leak.
     
  9. JmZ

    JmZ Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    4
    I can confirm this, I have the exact same symptoms.

    After downloading large amounts of data, the kernel's nonpaged memory increases to over 1.3GB and my total RAM usage reaches 95% (out of 2GB).

    This is a very serious bug as my system becomes almost unusable when the memory is maxed out. The only way to fix it is to reboot, resume downloads and wait for the same problem to re-occur.
     
  10. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    Thanks for the confirmation JMZ.

    As I suspected it's a major bug that can cause all manners of seemingly unrelated system instability. The ESET process itself doesn't seem to have lots of allocated memory , but as I said, it causes a memory leak in netio.sys. I only noticed it because I'm a programmer myself, I'm sure many random stability and connectivity issues reported by other users are related to this.

    My ESET subscription has run out so I can't further investigate this issue. I'll renew it when I see that this major bug is resolved.
     
  11. bradtech

    bradtech Guest


    I wonder if this is the issue that is causing the issue I have seen with Windows Vista, and 2008 Server where the system goes into a deadlock state.. You go to the machine, and cannot do anything to it other than a power cycle. I watched my Vista machine at home take 10-15 minutes to ctrl-alt-del, and my 2008 Server do this.. This issue never happened on V3.. Therefore I stay away from V4 on 2008 Server at the moment..

    Can you do a clean uninstall of what you got, and try the 4.0.437 version to see if it is fixed?
     
  12. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    JmZ or GreatWizard, can you give some range as to what "downloading large amounts of data" means, are you talking MBs, GBs, or ?
     
  13. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11

    GBs, but also, playing online games for a few hours. The memory leak occures and starts growing all the time. it can reach 100-200 MBs in several hours of simple browsing - it's just not a noticeable performance hit until it grows beyond that, on a modern desktop.
     
  14. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    My account has run out, but what you describe is exactly what happens when such a memory leak occured. you can see it in the performance tab of the task manager. Just look at the non-paged kernel memory. If it steadlily grows far beyond the initial 30-40 MB it is on boot-up then you have it too.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I noticed this for the first time on 1 of the PC's on a network when I was removing ESET's software. The PC itself had been on most of the day with several people having used it (no reboot). Probably not helpful, but I doubt this bug will ever be fixed so there it is anyway.
     
  16. insertjokehere

    insertjokehere Registered Member

    Joined:
    Aug 10, 2009
    Posts:
    2
    does anyone have a work around/fix/responce from ESET about this? at the moment i have 1209MB of unpaged kernal memory used, is making the system rather unstable
     
  17. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    same problem in a machine with the nic nVIDIA Networking Controller (chipset nforce4 430).

    nonpaged memory just runs to the limit and the system freezes. The problem is the driver ntdio.sys, when downloading it raises.

    quick fix before i uninstall nod32 v4?
     
  18. insertjokehere

    insertjokehere Registered Member

    Joined:
    Aug 10, 2009
    Posts:
    2
    havent found any work around, but was experenceing the same problem with NAV
     
  19. bubu83

    bubu83 Registered Member

    Joined:
    Jun 11, 2009
    Posts:
    21
    lol, i've just see that the same bug is in my personal pc, with a marvell yukon network card (chipset intel p35).

    my workaround in my pc is to disable the http scan.

    i hope eset will see this and fix soon. Normal user with large quantities of ram ( >3GB) doesn't see the bug because in the normal use the user itself doesn't do much download.

    The problem is that the driver netio.sys in combination with eset 4 when you download something it eats your ram and it doesn't release.
     
  20. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    Yeap 1.9 GB after downloading about 7.2 Gb.
    Running:
    Vista Ultimate SP2 latest patches.
    Downloaded, INstalled and running 4.0.467
    YAY.

    Seeing that the original problem was presented in MAY of this year on the 24th and now is SEPTEMBER the 23rd so it's been a good 4 months without any further peep from ESET beyond the initial HELLO I am safe to assume that so far they are employing "If we keep quiet and lay on it, they will go away, since after all how many regular users check nonpaged Memory?"
     
  21. bodean

    bodean Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    76
    Just put the newest v4 467 on, i5, 4gig ram, windows 7 RTM, and the memory leak is still there. It's very bad. No word for eset, what a shame..........might have to try a new AV if they can admit/fix the issue.
     
  22. bodean

    bodean Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    76
    Don't hold your breath....it's been reported many times since MARCH this year, now SEPTEMBER, and still around. Nice quality control.
     
  23. ASpace

    ASpace Guest

    What about version 3.0.694 ? Do you experience this ?

    I am currently enabled to test because of lack of Vista
     
  24. klog41

    klog41 Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    1
    vista sp2 and nod32 v4 latest.
    this case this exists. it probably has to do with monitoring of the system.
     
  25. GreatWizard

    GreatWizard Registered Member

    Joined:
    May 24, 2009
    Posts:
    11
    Sad to see this still exists. I am not using eset since I found this bug, it's just not an option. Thanks to everyone who follows this. since I no longer have a working license.
     
Thread Status:
Not open for further replies.