V4 NOD32 problem With DD-WRT firmware router.

Discussion in 'ESET NOD32 Antivirus' started by Wagnard, Aug 6, 2009.

Thread Status:
Not open for further replies.
  1. Wagnard

    Wagnard Registered Member

    Joined:
    Aug 6, 2009
    Posts:
    5
    Hi
    I have try NOD32 v4 and the Access to my router has become terribly slower.
    Browsing the internet does not seem a problem.

    THe weird thing is when I disable everything in nod32, it still happen.
    Uninstalling the Antivirus fix it.
    Nod32 V3 and the old v2 doesn't do this.

    Is there a way to completly unregister the internet scanning? (a bit like the IMON in nod32 v2 ?)
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    I use a DD-WRT router and v4 without any issues. Maybe you could try excluding the URL of your router in 'Excluded addresses' ? Disabling the whole internet module seems a bit drastic.
     
  4. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    What version of Windows are you running? Do you have the latest build of the ESET software installed? If you disable web access protection does it still happen? Try the steps in the Knowledgebase article that Cudni suggested.
     
  5. Wagnard

    Wagnard Registered Member

    Joined:
    Aug 6, 2009
    Posts:
    5
    I have seen this problem in both Windows 7 x64 and Vista x64 SP1/SP2. Those Windows installations were always fresh installs (no upgrade).
    And since v3 is working correctly, it's not an issue with the computer...

    The problem is very problematic. It's just that it takes 2x the time to access the router page.
    I have tried disabling everything in the AV and even setting an exclusion for the address of my router, and it's not working.

    I use the latest NOD32 v4 (downloaded yesterday).

    NOD32 v3 doesn't have this problem.

    Also, it's not only DD-WRT that is affected. To be sure, I reflashed my router to the original Linksys and it takes a bit more time to access it with v4 installed.

    To the one with DD-WRT: check the time it takes to access your router, then uninstall the AV and check again; you'll be 2x faster.
     
  6. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    FWIW, I did try uninstalling EAV and browsing my router's pages again, but could see no discernible difference in speed.
     
  7. Wagnard

    Wagnard Registered Member

    Joined:
    Aug 6, 2009
    Posts:
    5
    Well, here there is a difference. It's small but it's still visible.
    It's not THAT much of an issue, but it does annoy me that a simple router page gets slowed down by an antivirus...
     
  8. Wagnard

    Wagnard Registered Member

    Joined:
    Aug 6, 2009
    Posts:
    5
    Is it possible to install NOD32 v4 without "IMON"?
    I don't want this web scanning thing because even if I disable it completely it still affects my issue.
     
  9. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    We do not recommend disabling parts of the software, as this lowers the amount of protection you have. There is not a way to disable the module you are asking about. You can try disabling Protocol Filtering to see if that makes any difference with loading your router's webpage.
     
  10. Wagnard

    Wagnard Registered Member

    Joined:
    Aug 6, 2009
    Posts:
    5
    Disabling the Web access protection completely doesn't solve the problem. I guess the data passes through something even if disabled...
    Just as a note, I'm using the antivirus only and not the Smart Security one.
     
  11. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    I've noticed this too, and so has a colleague. We're using Draytek Vigor 2820n routers. It's nothing to do with the browser - even using wget it takes 11 seconds to download the initial web UI page. In an XP Virtual PC it takes <1 second.

    I'm on Vista SP2 32-bit, my colleague is on 64-bit. I've tried adding the address to exclusion (confirmed by seeing the notifications) as well as disabling the Web access protection feature and anti-virus/anti-spyware.

    Using Virtual PC I can confirm:
    Windows XP downloads the web UI in <1s with and without NOD32v4
    Windows Vista SP2 32-bit downloads in <1s without NOD32v4, but with NOD32v4 it takes >10 seconds.
     
    Last edited: Sep 17, 2009
  12. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    748
    Location:
    UK
    I had the problem on NOD32 v2.7 on a Netgear router; it was a very strange issue.

    On my current Billion router web interface, no problem with IMON (since this was 2.7).
    On the Netgear GT router, again no problem.
    However, on the Netgear 834v5 router, bam, slow GUI, veeeeeery slow.

    Now, if you think this isn't weird already:

    On the DG834 v5, if I enabled internet access and accessed the same router in the same browser over the internet instead of the local area network, it was fine at normal speed. Disabling IMON also fixed it.

    Work that one out. :)
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you have at least 2 browsers installed, you might want to exclude the one you'll use for accessing the admin interface from content filtering by putting a cross next to it in HTTP, HTTPS setup -> Internet browsers.

    We'd appreciate it if you could create 2 logs with HTTP communication captured: one with HTTP checking enabled when the problem occurs, and one with HTTP checking disabled when the admin interface loads quickly. Let me know when done so that I can provide you with further information as to where to send the 2 logs.
     
  14. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Thanks for the reply, Marcos. I already had Firefox (3.5) set in the Active Mode window, and have just added IE8 and wget. The web UI is still downloading slowly in all of them.

    I've set the Minimum Logging Verbosity to Diagnostic, set the ThreatSense engine to Log All Objects but still can't see any records being created when I do a test download. Could you advise how to enable the logs you need? (Or do you mean a packet capture?)
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I didn't mean setting the browser to active mode, but excluding it from content filtering by putting a red cross next to it as shown in the screenshot below. Use this setting only for the browser that you'll use to access the admin interface.

    Sorry, I forgot to mention to use Wireshark for capturing HTTP packets.
     
  16. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    I don't have that option. Under Web access protection I have HTTP, HTTPS and under that I have Address management and Active mode. (I am using NOD32 Anti-Virus, not Smart Security):

    http://www.proactiveservices.co.uk/nod32.png

    I'll get the packet dumps now.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you're using Vista SP2 this dialog window doesn't appear due to WFP. At least you could try disabling HTTP checking for a while to see if you can access the admin interface without delays.
     
  18. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Tried disabling Web access protection, no joy. Would it be helpful to have a packet dump from a "problem" session and one from a "normal" session from a PC without NOD32?
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Disabling web protection does not have the same effect as disabling HTTP checking in the setup tree. Could you confirm by disabling HTTP checking: go to the main setup -> Antivirus and antispyware -> Web access protection -> HTTP, HTTPS and untick the "Enable HTTP checking" checkbox. Does it make a difference?
     
  20. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Ah sorry, I hadn't noticed that option. When Enable HTTP checking is disabled the web UI runs at the expected speed using browsers and wget. Once enabled again, it slows back down to >10s.
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ok, so please create 2 logs with http communication captured using Wireshark as instructed before. We'll see what they'll reveal.
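
A complement to the wget timings and Wireshark captures discussed in the thread, as an added example that is not part of any post or of ESET's tooling: it splits one plain-HTTP GET of the admin page into connect, first-byte and total time, so runs with HTTP checking enabled and disabled can be compared phase by phase. The function names and the URL passed on the command line are assumptions.

```python
import socket
import statistics
import sys
import time
from urllib.parse import urlsplit


def time_http_get(url, timeout=30.0):
    """Time one plain-HTTP GET: TCP connect, wait for first byte, total."""
    parts = urlsplit(url)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    request = (f"GET {path} HTTP/1.0\r\nHost: {parts.netloc}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    t0 = time.perf_counter()
    with socket.create_connection((parts.hostname, parts.port or 80),
                                  timeout=timeout) as sock:
        t_connect = time.perf_counter()
        sock.sendall(request)
        first = sock.recv(4096)           # blocks until the response starts
        t_first = time.perf_counter()
        size = len(first)
        while chunk := sock.recv(65536):  # read until the server closes
            size += len(chunk)
        t_done = time.perf_counter()
    return {
        "status": first.split(b"\r\n", 1)[0].decode("latin-1"),
        "bytes": size,
        "connect": t_connect - t0,
        "first_byte": t_first - t_connect,
        "total": t_done - t0,
    }


def summarize(url, runs=5):
    """Median of each phase over several runs, to smooth out jitter."""
    samples = [time_http_get(url) for _ in range(runs)]
    return {key: statistics.median(s[key] for s in samples)
            for key in ("connect", "first_byte", "total")}


if __name__ == "__main__":
    # Assumption: the router admin URL is given on the command line,
    # e.g. http://192.168.1.1/ (constructed address, not from the thread).
    # Run once with HTTP checking enabled and once with it disabled.
    for phase, seconds in summarize(sys.argv[1]).items():
        print(f"{phase:>10}: {seconds:.3f} s")
```

Knowing which phase carries the extra seconds tells you which part of the Wireshark capture to look at first.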
     
  22. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Packet dumps have been done - see PM. Cheers,
     
  23. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Has any progress been made on this problem? The problem persists on Windows 7 64-bit and Eset AV 4.0.467.0.
     