Strange NOD32 alert

Discussion in 'ESET NOD32 Antivirus' started by gaslad, May 11, 2010.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The ghost alerts continue, unfortunately.
    pre-release updates enabled, protocol filtering enabled, ghost flag while running scheduled virus scan
     

    Attached Files:

    Last edited: Dec 7, 2010
  2. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Interesting. If you go back to version 4.2.35 this error can't be reproduced. I then upgraded to the latest version 4.2.67 and don't get this alert. At least so far.
     
  3. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    and today after updates the Alert has starting to show after double clicking the icon. Might have to go back to an earlier version. This is annoying.
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    I'm not sure rolling back to a previous build will fix the bug, Banger696
    Once, it would seem, you have the ghost flag bug, there is no way of ridding of it. I have tried numerous ways to avoid this to no avail.

     
  5. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The most annoying ghost flag issue is on the Developer To-Do List, they will get to it as time allows, dating back to October 26, 2010 :ouch:
     
  6. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    446
    I had my first ghost flag issue today on Windows XP SP3 with EAV 4.2.58.3. It is slightly different from yours, because instead of NOD32 saying it requires your attention, Security Center pops up saying ESET NOD32 Antivirus 4.2 is turned off. This lasts for half a second (not even enough time to take a screenshot unless you know it's coming) and then it says NOD32 is turned on and working fine.
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Thanks for the note, xMarkx. I had my first Ghost Flag at the beginning of this thread. If the Security Center is flagging that your AV is off, even for a moment, this is not good :ouch:

    The only way I can make the flags go away is to disable Self Defense, which I care not to do, so I keep on going.

    As mentioned by some, this is isolated, perhaps it is, then why, after multiple manual reinstalls, the problem still exists ? I now view it as cosmetic, although annoying especially for a user that does not know of these things.

     

    Attached Files:

    Last edited: Dec 24, 2010
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Yet another Ghost Flag today @ ESET :ouch:

    Windows XP Pro SP3 fully patched, IE 8, Spyware Blaster, MVPS Hosts, other tweaks.
     

    Attached Files:

  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Yet another ghost flag encountered during manual update.

    System information pasted in quotes below:

    Pre-release enabled.
     

    Attached Files:

    Last edited: Jan 24, 2011
  10. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    Isn't this just a thread timing issue, with the "look for problems" thread waking up whilst the "look for updates" thread is mid-update?

    This is one of the biggest threads on the forum, yet i can't see what all the fuss is about. Am I missing something?



    Jim
     
  11. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Just posting it like it is, Jim. As any other user would.

    Cheers,
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    There's no need to post the same whenever the problem is encountered. As I mentioned before, this is something that ESET is aware of and is looking into. The problem is that it requires in-depth analysis of the code as the problem could not be reproduced on our part. We'll update you if we manage to pinpoint the issue or need additional information.
     
  13. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    True. But it's such a transient issue I'm just not sure it's anything to worry about. No different to Explorer crashing and restarting etc.

    Just my view.



    Jim
     
  14. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    I am actually not reporting same every time I encounter this bug, Marcos.

    Yes, you have mentioned ESET is looking into the issue.

    It is not my aim to waste board space or anyone's time or money. The point of the ESET Forum is to post issues as they arise, yes ?

    Well, this bug has occured over numerous builds under varying circumstances.

    I try to make ESET aware of each as they occur. For a typical user to have the bug popping up on their screen every other day would have likely changed AV solutions by now. :ouch:


     
  15. vishal111

    vishal111 Registered Member

    Joined:
    Feb 5, 2011
    Posts:
    4
    Hi,

    Hey all i'm the latest victim to this message on ESET smart security. I started a new thread to be notified that one already exists here, so thaught to make myself heard aswell.


    I got the same on a brand new install of win 7 32 bit and ESET smart security 4.2.71.2. This error message or whatever comes up only when i right click the ESET icon on the taskbar when it shows up"ESET smart security needs your attention", when clicked, i find nothing technically wrong with ESET, it shows that i'm fully protected, that i have the latest definition and that everything is in place, then why do i get this message.

    To the benefit of helping an posting my version details below.

    Virus signature database: 5851 (20110206)
    Update module: 1032 (20101025)
    Antivirus and antispyware scanner module: 1295 (20110204)
    Advanced heuristics module: 1115 (20101116)
    Archive support module: 1125 (20110202)
    Cleaner module: 1050 (20101207)
    Anti-Stealth support module: 1024 (20101227)
    Personal firewall module: 1062 (20101027)
    Antispam module: 1016 (2010120:cool:
    SysInspector module: 1217 (20100907)
    Self-defense support module : 1018 (20100812)
    Real-time file system protection module: 1004 (20100727)

    Hope this is nothing serious or is it jus a bug that ESET is unable to fix.
     
  16. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    I am still using NOD32 AV (not the full security suite) 4.0.474.0. Late last year I didn't upgrade to 4.2.64.12 because of this "Strange NOD32 alert" (aka "ghost flag" and maybe other labels also) issue.

    Today, three months into 2011, I checked the latest version (4.2.71.2) changelog (no mention of ghost flags or anything similar) and this thread --- where I discovered vishal111's report that version 4.2.71.2 had given him a ghost flag.

    I do not recall anyone reporting a ghost flag who also said they were using Win2k.

    Siljaline, as probably the most frequent "correspondent" on this thread, have you seen anyone using Win2k (or NT) report having a ghost flag? I have searched the thread (for 2000 and for 2k), and haven't gotten a hit (other than for my own posts). Of course, few people are still using Win2kSp4, and not everyone reports their operating system.

    So maybe Win2kSp4 would avoid ghost flags. If so, I should go ahead and install version 4.2.71.2. I had thought that version 4.0.474.0 included "Real-time file system protection" because the system tray icon includes an option to "Disable Real-time file system protection," and Setup includes a statement that "Real-time file system protection" is enabled. Yet in Help > About, Installed Components doesn't include Real-time file system protection.
    But everyone here who is running 4.2.x and has reported their Installed Components includes "Real-time file system protection." So apparently there would be some definite security advantage to installing 4.2.71.2.

    But my wife (also using Win2kSp4) will be less relaxed about a ghost flag than I might be, and I'm not always home.

    I don't know what the 4.2.71.2 "Real-time file system protection" would add. The changelogs since 4.0.474.0 do mention additional Mozilla Firefox and Thunderbird features, but I'm using Mozilla-SeaMonkey (integrated browser and email), and that doesn't get to use the special Firefox and Thunderbird features that are in 4.0.474.0.

    I would much appreciate any comments or suggestions from anyone.

    Roger Folsom
     
    Last edited: Apr 3, 2011
  17. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    tanstaafl: Last October (messages #85 and #91 ) we had some discussion about what to do if a "ghost flag" appears.

    And I haven't seen any Eset suggestions about how to deal with ghost flags.

    So for my possible own future use (see my previous post 117 to siljaline) I have written up a tentative checklist.

    I am posting it here in hopes that you and/or others will offer some additions (if needed) and corrections. (Note the words "usually," "perhaps," "unconfirmed" and "unknown.")

    Thanks.

    Roger Folsom

    ====================================

    NOD32 GHOST FLAG RESPONSE CHECKLIST

    A ghost flag, at the system tray NOD32 icon, usually (perhaps always) contains the following text:
    "ESET NOD32 Antivirus
    "Eset NOD32 Antivirus requires your attention. For more
    "information, click on this notification."

    Ghost flag image locations:
    https://www.wilderssecurity.com/showpost.php?p=1773979&postcount=96
    and
    http://naut.homestead.com/files/nod32.jpg
    and a few scattered throughout thread
    https://www.wilderssecurity.com/showthread.php?t=272438

    Some Ghost flags may use different wording (unconfirmed).
    And whether true Eset warnings also use this wording is unknown to RNF.

    Unless the warning disappears on its own, clicking on the flag causes the flag to disappear --- a necessary but not sufficient condition for it to be a non-malevolent ghost flag, rather than a true warning from Eset's installed software or one of its websites.

    To confirm that this is a ghost flag and not a true warning, do the following:

    0) Determine (at http://www.eset.eu/support/update-xy1) the number and date of the latest signature update.

    1) Check (at the NOD32 window's Update link) that the latest signature update has been installed. If not, install it.

    2) Check (at the NOD32 window's Logs link) Logs, Events to see if it reports any problems.
     
    Last edited: Apr 3, 2011
  18. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Hi Eset forum,

    I am managing around 400 clients spread across 2 RAS servers. My users reported the same issue as described in this thread and I personally saw it.
    Clients are Windows XP SP3 machines with Eset Nod32 4.2.67

    Any idea what is causing this and when it will be addressed?
    Hopefully this will be addressed and resolved.
     
  19. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Does anyone know if this issue is fixed under 5.0 BETA?
     
  20. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    nsnidanko:

    For what it is worth:

    a) If you search this thread, you will find that a sufficiently early version of NOD32 v4, e.g. something in the neighborhood of 4.2.3x (but check that number because I'm going by recollection) apparently doesn't have the problem.

    Unfortunately, the latest version, 4.2.71.2, apparently has had the problem. See message 116 of 07 February. But since then I haven't seen any reports of the problem on 4.2.71.2. I'm an economist rather than an IT professional, but maybe some component update since 4.2.71.2 has fixed the problem by accident? (Hope springs eternal.)

    b) Personally, I've never seen the problem, either in NOD32 version 4.0.474, which I started using in spring 2009 (I think, but in any case I don't recall anyone reporting the problem with that ancient a version), or in version 4.2.71.2. I replaced 4.0.474 with 4.2.71.2 on 10 April 2011. So far, no problems.

    However, my situation is quite different from yours: Two computers, each running Win2kSp4, connected only by a NetBEUI network (and only one shared "transfer stuff" folder on each computer, and not accessible without a special logon and password), with NOD32 v4.2.71.2 installed separately on each computer, so each computer's NOD32 protects only its own computer. Never has the NOD32 installed on either machine been instructed to do a scan on the other machine.

    Somewhere in this thread someone from ESET, probably Marcos, noted that this issue has been difficult to solve because ESET hasn't been able to replicate it.

    Meanwhile, my "Nod32 Ghost Flag Response Checklist" (adapted from tanstaafl's messages #85 and #91) at the end of message 118 above might (or might not!) be the basis for an advisory distributed to the users of your herd of computers.

    Best wishes.

    Roger Folsom
     
  21. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    4.2.71.2 still has the problem. I'm experiencing it almost every day.
     
  22. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    156
    It is unbelievable that even the developers don't know when and where (in their code) this message is generated. o_O
     
  23. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Doesn't anybody know if this is fixed in v5 beta?
     
  24. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    i have seen this odd message on version 5 RC.
    i dont see it as a major issue since it seems to be just a cosmetic issue.
     
  25. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    How do you know if it is a cosmetic issue? Also how ordinary user would know how to differentiate this issue from real problem with NOD and make a call to IT department accordingly?

    Maybe for power home user this is not an issue, but is a general problem for large organizations.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.