NOD32 V4 on SBS2003

Discussion in 'ESET NOD32 Antivirus' started by Rachiano, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. Rachiano

    Rachiano Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    34
    Location:
    Suriname
    Hi I am running an SBS server with V4. I upgraded v3 to version 4 and pushed the installation from a ERAS server which did the update. Now I see high CPU usage on the server. When looking at the services, I see that ekrn.exe has high cpu usage and drops and raises again...and that keeps happening. Egui.exe is normal...low CPU usage.
    Clients are unable to connect to the exchange server running on this SBS box.

    What may be the problem?

    Rachiano.
     
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I still stick with 2.7 on all servers..including SBS (in addition to 2.7 client...XMON of course).

    Seen people with too many problems with version 3..and v4 just came out...I'll let others be guinea pigs.

    Have you follow the proper exclusion list from real time protection?
    http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137


    Essential exclusions there.
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I still run v2.7 on all my servers as well. Actually, I run v2.7 on all mission critical machines, servers and clients alike.

    Never once had a problem with it, so no need to risk anything by upgrading.
    ~Personal thoughts of course
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Could it possibly be a file such as a large log being scanned over and over again?
     
  5. Rachiano

    Rachiano Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    34
    Location:
    Suriname
    When I ran version 3 I never added exclusions.
    Have done the following now:
    I uninstalled it manually and pushed it to the SBS server again. I also added the exclusions recommended and will monitor it. I don't have too large files...maybe the exchange database...but wasn't a problem in v3..but it's now exluded. Before I did the manual uninstallation I diabled real-time file system protection, but CPU usage was still high.

    Will monitor it and post back.

    Thanks.
    Rachiano.
     
  6. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    You should definitely add the exclusions. All AV solutions can screw up Active Directory metadata files as AD relies on critical timing.


    Jim
     
  7. Rachiano

    Rachiano Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    34
    Location:
    Suriname
    Seems like the system is stable now.
    Also disabled the indexing service which also consumed cpu resources.

    You guys should upgrade from V2.7...when does ESET stop with support for that? I think soon.

    Thanks.
    Rachiano.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Negative...support will not stop soon.

    How are you protecting your Exchange server?
     
  9. ASpace

    ASpace Guest

    If you have any problems with v4 , you can return back to v3 (which you say you had no problems with) . Like YeOlde mentioned , it was just released and generally business customers are not supposed to the first to move to brand-new versions.

    I myself have moved everything possible (home and business clients) to v3.0 and never had problems with any network or machine in the last months . Have very few clients running 2.7 (Win 9x machines and MS Exchange)
     
  10. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    I've heard a new version of XMON will be released soon... :ouch:
     
  11. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    SBS2003 has Exchange on one server.

    To the OP, you should ONLY have ESET NOD32 for MS Exchange Server v2.71.9 running on your SBS2003 server.
     
  12. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Exactly....that's what I was hinting at above when I asked how is he protecting his Exchange store.

    Makes me wonder why someone would make this suggestion...
    Running Exchange (which is bundled with SBS) without proper protection...yikes!
     
  13. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yeah I've been hearing that for a few years now.
     
  14. Rachiano

    Rachiano Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    34
    Location:
    Suriname
    Guys,
    I am protecting Exchange with Microsoft Antigen for Exchange.
    Any known issues between Antigen and ESET NOD32 AV?

    Thanks.
    Rachiano.
     
  15. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Just for reference, the exclusions you should be running on all Microsoft OS's per their instructions are:

    I wouldn't bother with them if you are a home user, but you should apply these to managed installs on a domain to be safe.



    Specific to domain controllers including DNS, WINS, DHCP. May need additional ones for other DFS shares.

    ALWAYS exclude program databases and associated log files. That is just common sense, people.
     
  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Ahh, using separate product for the store..ok, as long as it's protected.

    I haven't seen Antigen mixed with NOD on the OS mentioned around here, haven't tried it myself, I usually stick with same AV vendor for OS protection plus infostore protection.

    With NOD4 being so new (released this week)...I doubt you'll see many server managers chime in that they have it running with Antigen on the same box...as we usually don't rush out and install the latest program version on production servers. I prefer to let the new version "cook in the oven" for at least another 6 months after rollout to let the bugs get ironed out of it, and see how it's working on servers for other people first. Kinda one of the reasons I skipped 3.0 entirely on my clients production servers...too many problems.

    All my clients SBS servers ( that's quite a few) are strictly running 2.7 with XMON.
     
  17. ASpace

    ASpace Guest


    Although v4 seems fine (it is more v3 improvement rather than a new product - ulikely v2 and v3) , it is not a guarantee it will be ok . v2 was fine those years , now it is not at least for the home sector.

    You skipped 3.0 entirely ... if you decide to skip v4 you may end-up with skipped ESET completely :D :D :D
     
  18. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Home sector..yeah, fine 3 and 4 are OK. I really don't deal with "home" users....too many odd issues and too little money. I'm an SMB Network consultant, so I'm talking about on servers here. Too many issues with 3 on servers, and most of my servers are centered around SBS...thus Exchange...thus XMON..thus 2.7.
     
  19. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    Not sure if it's already been mentioned but running EAV V3 or V4 on SBS does absolutely nothing to protect the Exchange mailstores. XMON is specifically designed for Exchange, thus why it's called XMON and not AMON, as AMON was the AV scanner for workstations and non-Exchange Servers.

    Why are you trying to upgrade from 2.7 by the way? What does EAV 4 that 2.7 doesn't? Version 2.7 is by far the best AV around for Exchange and will protect your server. ESET will not stop supporting it unless there is a proven and stable product in place to replace it.

    ESET have already confirmed development of ESET AV for Exchange Server 4.0 which is currently under development, due in a beta in Q2/Q3, for final release Q3/Q4, this year. I would highly recommend you wait till then before attempting to upgrade from 2.7.

    For the record I have tried installing V3 when it first came out on to Exchange and had several problems (there's a post on here somewhere), and experienced high CPU as well as clients being unable to connect to the server as a result.

    Trust me, use XMON 2.7, nothing more.
     
Thread Status:
Not open for further replies.