Problem Windows Server 2003 R2 & NOD32 4.2

Discussion in 'ESET NOD32 Antivirus' started by BartR, May 18, 2011.

Thread Status:
Not open for further replies.
  1. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    Hi there,

    I installed NOD32 on our Windows 2003 R2 server (32bit) Monday, but it is giving me some issues. In the beginning everything seems fine. But after a day you see that it hasn't updated. So I checked to when it last updated, 29 November 1617, that can't be right... I look around on the net a bit and in the meantime the remote connection to the server times out. I log back in and this time the GUI is empty. No text, no links, no buttons, no nothing. Next time I log back in when the server locks itself there is not even a GUI anymore. Only ekrn.exe still seems to run.

    Anybody got any good ideas on how to solve this?
     
  2. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello,

    Check task manager and observe the CPU/RAM utilization for ekrn.exe and egui.exe. Perhaps you just need to uninstall/restart/reinstall. Or, perhaps the server is missing the configurations it needs for NOD32 to run properly. The two links below would help you with that:

    Eset KB recommendations
    Microsoft Recommendations

    There may be more configuration needed based on the roles installed, but these two articles are a good starting point.

    Thanks,

    Matt
     
  3. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    Thank you for the reply.
    We already did a re-install of NOD32, but with the same results I am afraid.
    We did have to boot into safe mode as we always got the message that we had insufficient permissions to remove the files. (this as Domain admin, local admin, enterprise admin).

    Also I am not able to change any of the settings as gui.exe refuses to load. The best result I had with the GUI without rebooting the server (a no-no during the day) is a blank screen that holds no information whatsoever.

    I can let the server reboot tonight and see if I can change the settings in the morning, if it helps egui.exe to load. But I will not hold my breath.
     
  4. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    Update on the problem:

    I was asked by support to get a sysinspector log, but when I ran sysinspector it totally crashed the server. After a reboot and calming down the users I had a GUI again and made the changes proposed earlier in this topic. I now see that ekrn uses a lot less resources, which is good. And the GUI continues to work, for now.

    I will keep an eye on it.
     
  5. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    Aannnd it's back on its rampage of being odd...

    I noticed the resource usage has gone up and now it tells me it last updated on the 20th of September 1617. The RAC tells me it last updated 23 hours ago. So it is most certainly not getting the latest virus updates.
     
  6. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    Hello,

    Please provide us with the following information:

    1. Open EAV main window, click Help and Support > About ESET NOD32 Antivirus. Let us know the exact version that is installed on your machine, also copy/paste the contents of the 'Installed components' window.

    2. Now from the main GUI, go to Tools > Log files. From the 'Log' drop-down menu select 'Events'. Send us also the contents of your Events log.

    Thanks.
     
  7. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    Here you can find the screenshot of the about window. You will see that it doesn't look quite right.
    The version is the latest one from the website (4.2.71 according to my remote administrator)

    https://picasaweb.google.com/lh/photo/xbLL8wSYmEO-3C7lyzngf2a0Nb-VSniw7LZ8mE5HvV4?feat=directlink

    And this is the content of the eventlog:

    19/05/2011 9:24:36 Virus signature database successfully updated to version 6133 (20110518).
    17/05/2011 13:37:32 Virus signature database successfully updated to version 6128 (20110517).
    17/05/2011 12:38:04 Virus signature database successfully updated to version 6127 (20110516).

    I got a sysinspector log as well, if that is any help.

    *edit*
    It also seems that resource usage is expanding with time. It started yesterday at a normal 66k and now I am up to 167k and the longer I wait the higher it keeps climbing.

    *edit2* Also NOD32 does not seem to save any changes I make to it nor will it let me disable it.
    It's giving me quite the headache...
     
    Last edited: May 20, 2011
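
A way to cross-check update health from the Events log instead of the GUI date, as an added example that is not part of the original thread and is not ESET code. It assumes the line format shown in the post above; the 24-hour threshold, the year-2000 floor and the function names are illustrative assumptions.

```python
import re
from datetime import datetime, timedelta

# Event line format as posted in the thread (day-first date, single-digit hour allowed).
UPDATE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}) Virus signature database "
    r"successfully updated to version (\d+) \((\d{8})\)\.$"
)

# Sample input: the three Events-log lines from the post above. The build date on
# the first line was mangled by a forum smiley and is read here as 20110518 (assumption).
SAMPLE_LOG = """\
19/05/2011 9:24:36 Virus signature database successfully updated to version 6133 (20110518).
17/05/2011 13:37:32 Virus signature database successfully updated to version 6128 (20110517).
17/05/2011 12:38:04 Virus signature database successfully updated to version 6127 (20110516).
"""

def parse_updates(text):
    """Return (logged_at, version, build_date) tuples, newest first."""
    updates = []
    for line in text.splitlines():
        m = UPDATE_RE.match(line.strip())
        if m:  # skip anything that is not a successful-update event
            logged_at = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            build = datetime.strptime(m.group(3), "%Y%m%d").date()
            updates.append((logged_at, int(m.group(2)), build))
    return sorted(updates, reverse=True)

def assess(updates, now, max_age=timedelta(hours=24), min_year=2000):
    """Return findings as strings; an empty list means nothing looks wrong."""
    if not updates:
        return ["no successful update events found"]
    findings = []
    newest_at, newest_ver, _ = updates[0]
    if newest_at.year < min_year:  # e.g. a year-1617 date like the one the GUI showed
        findings.append(f"implausible timestamp {newest_at} on version {newest_ver}")
    elif now - newest_at > max_age:
        findings.append(f"stale: version {newest_ver} is {now - newest_at} old")
    # Flag long silences between consecutive successful updates.
    for (newer_at, ver, _), (older_at, _, _) in zip(updates, updates[1:]):
        if newer_at - older_at > max_age:
            findings.append(f"gap of {newer_at - older_at} before version {ver}")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_updates(SAMPLE_LOG), now=datetime(2011, 5, 20, 9, 0)):
        print(finding)
```

On the posted lines this reports the nearly two-day silence between versions 6128 and 6133, which the blank GUI could not show.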
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    An empty About window indicates that the kernel service ekrn.exe is not running.
    You can try disabling Anti-Stealth and Self-defense to prevent potential clashes with other drivers.
     
  9. BartR

    BartR Registered Member

    Joined:
    May 18, 2011
    Posts:
    6
    After disabling anti stealth (I tried it before but it never saved the settings) and applying a fix ESET sent me (an .Exe file) it all seems to run fine now. I hope it's permanent. I don't know if it was the anti stealth, the fix or a combination of both that fixed the issue.

    Thanks for all the help
     