W2K3 Server SP2 Issue - NOD32 Interferes With DS RPC?

Discussion in 'ESET NOD32 Antivirus' started by peterdevlin, Jun 8, 2009.

Thread Status:
Not open for further replies.
  1. peterdevlin

    peterdevlin Registered Member

    Joined:
    May 5, 2009
    Posts:
    6
    I have installed NOD32 on two of my seven servers as a precursor to a system-wide rollout (60 users). These two systems were configured according to the accepted Microsoft advice as summarised here. One server is an W2K3 server domain controller / DHCP server and the other is an W2K3 server / Exchange 2K3 email server, both running SP2 Standard Edition. Both servers are vanilla in that they have no non-standard software running. They have also been in use for some time with no problems.

    In the last two weeks we have observed significant misbehaviour on the test servers. In each case the symptoms are the same. The server locks out and no longer responds to keyboard / mouse input but can be pinged over the network. The three-fingered salute (CTRL-ALT-DEL) does not successfully bring up Taskman for analysis of running processes. In my experience these symptoms look like those of a rogue process consuming all CPU time. A hard reboot is required to deal with these issues.

    In the case of the DHCP server I find errors such as the following when browsing through the Directory Services (DS) logs on other domain controllers:

    In the case of the email server I find errors such as the following when browsing the systems log:

    The failures on both servers have resulted in some systems downtime. No such failures have been seen prior to installation of NOD32 on these servers.

    Having done some digging it appears as though both examples deal with RPC failures on the domain controllers. Looking around these forums I see reports of other similar issues with NOD32 v4 on W2K3 server. In a number of cases these reports are dismissed by the NOD32 community and no solutions are offered. "Tough luck" seems to be the response du jour.

    Would someone who actively represents ESET/NOD32 in an official capacity please definitively detail the issues surrounding NOD32 v4 and Microsoft's use of RPC for Directory Services in W2K3 Server? I'd rather proceed from an informed stance than from conjecture. I need to understand this server misbehaviour, and how to correct it, so that I can make a judgement call about the suitability of NOD32 as an AV solution.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    First of all, try setting real-time protection to scan files with default extensions instead of all files. Failing this, install the latest v3 EAV 3.0.684 which should work fine.
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Peter, as Marcos say try using 3.0.684. We experienced very very similar symptoms to you - it's a single SBS 2003 server, but overnight it would become totally unresponsive and had to have the plug pulled. The same would happen the next night.

    We rolled back to 3.0.684 and haven't looked back. 4.0.x seems fine on desktops but not on servers. That said, I manage a dozen SBS 2003 sites, and we've only rolled back on 4 of them; the other 8 are running 4.0.337 on the servers and are fine. So it's not all servers that are affected, but 3.0.684 will be safe.



    Jim
     
  4. ICA

    ICA Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    34
    Hi,

    I can confirm this too.
    We have several Win2008 and a few Win2003 servers (mixed x86 and x64).
    They are all running EAV v4 fine after a lot of configuration modifications, but my Win2008 x64 Exchange 2007 server was giving the problems as mentioned. Several hangups a day!
    Now I have reverted to version 3.0.684 on the Exchange server and the problems are gone...

    Rene.
     
Thread Status:
Not open for further replies.