Update mirrors not current (was:Problem with combined Update for Notebooks)

Hi there,

please read below.

I'm trying to setup a combined setup for notebooks as described in the ERA Manual.
I created two update profiles. One called 'LAN' with the local update mirror and one called 'Internet' with update Server 'choose automatically' and our login EAV-*** and password entered.
The update task is set up to use LAN-profile first, then Internet-profile. Update from the local mirror works perfectly. But if the local mirror can't be reached, I get the following log entries:

19.08.2009 14:44:46 Update Updater: retval = 0x5003, failures: 1, regretval = 0x6000 NT-AUTORITÄT\SYSTEM
19.08.2009 14:44:45 Update Updater: Switch DEVEL modules retval = 0x00005007 [NOT NEED] NT-AUTORITÄT\SYSTEM
19.08.2009 14:44:45 Update Updater: retval = 0x2101, failures: 0, regretval = 0x6000 NT-AUTORITÄT\SYSTEM
19.08.2009 14:44:44 Update Updater: Switch DEVEL modules retval = 0x00005007 [NOT NEED] NT-AUTORITÄT\SYSTEM

It seems to me that the Internet update servers can't be reached or something like this. Local signatures are 4346 (2009081 and don't get updated. The ERA-Server already has 4347 (2009081.

I tried to analyze my problem and found something strange. When I only use the "Internet" update profile and restart the update several times, sometimes it says my signatures are current and sometimes it want's to update.
So I had a look at the files in the update cache directory (C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles in my case). There is a subdirectory for every update mirror and in there a file 'update.ver'.

I found out that some mirrors show older versions than others. I cleared the update cache before I analysed so that I don't have old information in there.

For example in http_u44.eset.com i find: [ENGINE2] version=4348 (20090819) which is the most current version atm.
in http_um14.eset.com [ENGINE2] version=4230 (20090710)
and in http_93.184.71.27 [ENGINE2] version=4344 (2009081

If NOD32 hits a mirror, which has a lower version number it thinks it is current and doesn't update.

So if I am right, some update mirrors of ESET don't have the newest version of signatures while others have and thats the problem. It would be nice if somebody can comment on this. Somebody official would be appreceated.

Thanks
Stephan

 

Did you download update.ver from various servers? Don't check in the folders with server names on the disk as these may contain obsolete information if you haven't connected to the particular server for some time.

We can confirm that update.ver is actually same on all update servers.

 

Hi Marcos,

first I cleaned the update cache. So the cache directory C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles is totally empty.
The forced NOD32 to update several times within a single minute. Everytime it says it has the current signature version and no update is required. That's not correct because it has 4346 rigth now which is not the latest signature.

Now I take a look at the update cache directory. There are several subfolders now because NOD32 tried several update mirrors. Thought the update.ver files in these subfolders are downloaded in the last 2 minutes and have current timestamps, they don't hold up to date information.

Two examples:
http_89.202.157.227 update.ver timestamp: 19.08.2009 16:32 [ENGINE2] version=4311 (20090806)
http_um14.eset.com update.ver timestamp: 19.08.2009 16:55 [ENGINE2] version=4230 (20090710)
and so on....

If you can confirm your update mirrors are up to date, where do these information come from?
We don't have a proxy cache at our network that could hold outdated files or something.

I'm totally confused...

Stephan

 

Hi there,

I managed to solve the problem by reinstalling NOD32 after a complete clean deinstallation.

It was very confusing because other computers with exactly the same configuration managed to update correctly. I don't know exactly what the problem was but it is solved now.