NOD32 V4 on Domain Controllers

Any news either way on whether 4.2 has fixed the issues with NOD32 on DCs?

 

I've put it on 2x SBS boxes..well, the Exchange variant...which basically has the NOD32 built into it.

I do follow the exclusion guides heavily....as well as set file types to scan from "all" to the default set.

 

Can you point me to those guidelines/best practices?

 

4.2 broke our old Windows 2000 SBS machine this week. I'd been running 3.x on there for ages, and a fortnight ago I used ERAS to push out 4.2.35 to all our clients to upgrade them from 4.0.x. In a slip of the mouse I mistakenly included the server. Big mistake.

Every single day since then the guys on site have had to reboot the server as no-ones been able to connect (client computers hanging at applying computer settings). So I uninstalled ESET on Monday, and the server has been fine since.

No idea if this is specific to 2000, but 4.2 broke it for us. So the server's now running naked, I'll put 3.x back on it when I get an opportunity. NOD32 contained all the correct exclusions etc.

We've not upgraded ANY server to 4.2.35, most are on 3.x or 4.0.x, but all our desktops/laptops are on 4.2.35 with no issues.



Jim

 

Just uninstalled 4.2.40 from our Server 2008 R2 x64 DC as it caused a couple of Bluescreens (7f). Moved back to 4.0.474 which has been stable on our DC for 8months or so now.

 

Please review:
Virus scanning recommendations for computers that are running currently supported versions of Windows
http://support.microsoft.com/kb/822158


Pay attention to these 2 sections:
1) For Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows 2000 domain controllers
2) For Windows Server 2008, Windows Server 2003, and Windows 2000 domain controllers

-John

 

Plenty of AV exclusion guides around...I follow a list pretty much similar to this one..which is for SBS03.
http://alpesinfo.com/fr/node/23
It's easy to see which ones are related to Exchange, which ones are related to just server/DC roles, and the few that are SBS exclusive..and apply those to whatever server you're installing on.

c:\inetpub\mailroot\badmail
C:\Program Files\Exchsrvr\***server name here***.log
C:\Program Files\Exchsrvr\conndata
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\mtadata
C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
C:\WINDOWS\IIS Temporary Compressed Files
C:\WINDOWS\NTDS
C:\WINDOWS\ntfrs\jet
C:\WINDOWS\SoftwareDistribution\DataStore
C:\WINDOWS\system32\dhcp
C:\WINDOWS\system32\inetsrv
C:\Windows\System32\ntmsdata
C:\WINDOWS\system32\wins
C:\WINDOWS\SYSVOL\staging areas
C:\WINDOWS\SYSVOL\sysvol
C:\windows\temp\Frontpagetempdir
***drive letter and path***\ExchangeData

I also set the real time protection to NOT scan all file extensions on a server..unchecking that, it will default to scanning only certain file extentions.

And on SBS/Exchange...in the XMON component I disable background scanning of the infostore.

If you're running SQL (or other databases)..naturally add those to the exclusion list. And..naturally...other line of business software which may be sensitive to AV scanning.