Very Disappointed in NOD32 v3

Q

qdemn7

Supreme [H]ardness
Joined
May 2, 2002
Messages
4,531
My tale of woe over at Wilders Security Forums
I've been using NOD32 for over 5 years, always been extremely pleased, any infections were caught right away. Never had any problems with permanent infections requiring clean install of Windows. The only problem I've encountered in the past is false positives generated when running Trojan Hunter automatic scanning while NOD32 is running.

Just upgraded to v3 yesterday, and had nothing but problems. Constant BSODs with the easdrv.sys as the culprit. Uninstalled NOD32 reinstalled it 3 times, still not working.

Contacted support and they told me that I can't run Trojan Hunter, and Spybot Tea Timer while running v3. so I turned them off in msconfig. The last time the system ran OK for about 4 hours before the BSOD started again. Started up BOINC and that was it.

Still running Spywareblaster, don't know if that's the problem or what. I really don't want to have to uninstall it, but I will if I have to. So right now I have no anti-virus on my system. Still working with support, sent them a LookinmyPC report as they requested.

Anyone have any ideas?
Click to expand...

For now I've gone back to v2.7. Not a bit of problem. Something is definitely aims with v3 for me. Anyone contemplating buying v3 should also D/L v2.7 just in case. They both use the same User Id and Password.
 
weird, i picked up 100 of ESET NOD32 Antivirus 3.0 and have installed probably close to half of them, not a single BSOD. Most installed on brand new Dells, either Vostro or Optiplex. Others installed on Latitude laptops, most computers installed on were Windows XP Home or Pro with SP2, and some with Vista. Not a single problem.

I disable 2 settings during setup, one for Thread Defense and I check Disable some kind of protection of unwanted instalations. Not a single problem. Word. Let us know what happens.
 
So you are trying to run SpyBot, Trojan Hunter, Spywareblaster, and NOD32 all at the same time?
 
My guess is your problem has to do with all the other crap you are trying to run alongside nod32 v3. NOD32 is complete malware protection, you don't need and shouldn't run separate spyware/malware programs when NOD32 is running. Try uninstalling all that stuff, ccleaner it, and re-install nod32 v3.

My two cents. :)

 
Spartacus said:
So you are trying to run SpyBot, Trojan Hunter, Spywareblaster, and NOD32 all at the same time?
Click to expand...
No, I turned off Spybot Tea Timer and Trojan Hunter in msconfig. Left Spyware blasrter running. Didn't unistall any of them.

Captain Colonoscopy said:
My guess is your problem has to do with all the other crap you are trying to run alongside nod32 v3. NOD32 is complete malware protection, you don't need and shouldn't run separate spyware/malware programs when NOD32 is running. Try uninstalling all that stuff, ccleaner it, and re-install nod32 v3.

My two cents. :)
Click to expand...
You may be right. I'm going to wait until next week to see what support says and the people over at Wilders get back to me with my Memory Dump. If that's what I have to do, so be it.

As for now, I've got my main system back up and running fine with the latest v2.7.
 
I agree with the Captain, that was my point in asking if you are running all of those apps.

The docs for NOD32 warn against having other memory resident scanners running.
 
Spartacus said:
I agree with the Captain, that was my point in asking if you are running all of those apps.

The docs for NOD32 warn against having other memory resident scanners running.
Click to expand...
Didn't know that, didn't RTFM. Guess I should for v3. Just didn't think they had changed v3 that much. :eek:

Well I'm not doing anything tomorrow, I try what you guys recommend and report back. Thanks for help and input.
 
Well the easdrv.sys is definitely in conflict with something, I just don't know what. I uninstalled Spybot, Spywareblaster and Trojan Hunter. Did a CClean and a Registry Mechanic clean. Installed v3, and rebooted the system. Instant BSOD. I couldn't even boot into Safe Mode to do system restore. I had to use a backup drive as a boot drive, then go into the main drive C partition and delete all Eset files. The problem is that the easdrv.sys resides in the drivers folder and not the Eset folder. Once I did that I booted back into my primary drive and the system is now running fine. I'm not running ANY anti-virus, trojan or spyware apps, so I'm puzzled just what this driver is conflicting with.
 
Im working my way on updating 150+ clientes from 2.7 to 3.0, no problems so far here.
 
I have many many clients networks on NOD32...but I've done just 1x lawfirm deployment of version 3...on VistaBiz workstations, I still have 2.7 on their Small Biz Server.

I've run 3 at home on various rigs...but I feel it needs a little more time in the oven..seems to slow down networked apps a little bit..whereas 2.7 has nearly zero system impact. So I'll keep installing 2.7 for probably a good part of the remainder of this year..'08. Hopefully 3.0 will be a bit more groomed by this summer/fall.

BTW, NOD32 is totally compatible with Spybot S&D and SpywareBlaster. Spybot does not run anything realtime on your system unless you enable teatimer..which I've never done since the program first came out..I can't stand teatimer. SpywareBlaster also runs nothing at all real time...just adds blocks to your browser. I'm not familiar with TrojanHunter..so can't comment on that.
 
I too had problems where it was causing my system to blue screen. I run Vista Business x64 and while i had the security suite installed I would get nothing but blue screens. It would randomly come about and I couldn't figure out if hardware was going bad or what. So I completely got rid of the security suite and just installed the plain antivirus and wallah, no more blue screens. I really hope they get the bugs worked out soon as I really liked Nod32.
 
I have never had any issue with NOD32, I moved up to v3 and haven't noticed anything as far as BSODs or system lag. I love the speed of the scans and it has kept me safe for 3 years.
 
been using nod32 v3 since it came out (used v2.7 before) no problems whatsoever works perfectly on xp and even on my 64 bit vista
 
OK, problem has been successfully resolved. Due to Marcos help at the Wilders Security Forums (link above) my problem has been solved. The problem is the easdrv.sys.

As Marcos stated:

it seems there's a conflict with a tool for troubleshooting driver problems. Please download the latest driver and copy the new file instead. Finally restart the computer.
Click to expand...

I d/l the file, reinstalled v3, replaced the file and rebooted. No problems and the system has been running for over 4 hours. I did an in depth scan, and have been running the system at 100% using BIONC.
 
I've had issues running it on the Server. It got snagged on a process somewhere (Yes- I did all of the exclusions in the Microsoft KB articles), which then locked the ENTIRE domain up until I either
A) Disconnected network cable from server
or
B) Hard Reset server


A resolved fixing all the clients, but the server still remained frozen solid.
B resolved everything, just extremely risky doing that, obviously...


Only started when I went to the latest version on the server. Uninstalled it, been running fine.
I'm almost too scared at this point to even put V2.7 back on.
 
The only problems I have ever had with NOD32 so far are when I accidentally installed v3 on a small biz server . . . hilarity ensued . . .

 
didn't read all the thread, about half of it though...

maybe it's time to reinstall after 5 years, eh? :D
 
I have version 2.5, it's nearly impervious. Still gets daily updates from ESET, too. :)
 
TechieSooner said:
Explain???
Click to expand...

NEVER NEVER NEVER NEVER NEVER install v3.0 on ANY machine that also runs Exchange server!!!! It will completely hose the system. Will work fine for a while about 8-12 hours and then no client machines will be able to connect to it. You may or may not be able to gain remote access and all sorts of Group Policy processing errors will show up in the event logs. My faves were the ones saying the server couldn't find a domain controller, if you support SBS servers you will understand why that is funny. Most of the time this would happen we couldn't gain access to the server to reboot it, wouldn't complete the logon process because of some error that I can't remember. PSSHUTDOWN -R would sometimes work, sometimes not. So, we would have to call the owner and tell him to hold in the button and shut off the server 3-4 times a week. Mind you, this was a brand new server that had been working for about two weeks and then all this crap started happening. I had my co-worker open a support case with MS to figure out the cause after being unsuccessful with the googler. Needless to say, after MS dicked with it for a week without resolution I came across some information on Wilders concerning v3 and exchange. So, just before I was going to go over there and repair the OS I uninstalled v3, rebooted, ccleaned, installed 2.7 with XMON, rebooted, installed the RAS/RAC for v3 and setup the mirror and everything has been golden since.

Needless to say, valuable life lesson learned. :D

 
Captain Colonoscopy said:
<snip>
Click to expand...

Oooooppppsss :eek:

:eek:

Guess what kind of server my story was based on?????

Yep.

Mine didn't hose anything, just damn locked the whole friggin network up. Even my REMOTE clients that are standalone workstations, that connect into the RA/Updating froze.
Couldn't open Task Manager or anything... Pretty bad.

Checked those forums a bit (any particular thread you looked at?) and it looks like V3.0 is bad thing.

My question: What is changed in 3.0 that causes this?

My second question: Did you add exclusions to 2.7 or anything? I've actually got the installer for 2.7 ready to go back on, have had cold feet after my 3.0 experience though (And FWIW 3.0 works great on all the clients).
 
its not so much that v3 is bad. I have it working just fine on numerous client systems. Just don't EVER through it on a machine that runs exchange. v3 is not designed to run in exchange environments right now. Don't know when they plan on changing that, my guess is they will have a completely separate version for exchange with a different installer.

v3 doesn't have the XMON component that 2.7 for exchange does, that is what is different, among other things.

The only exclusion I run on 2.7 is for tightvnc.exe since nod started labeling it as PUS.
 
TechieSooner said:
Oooooppppsss :eek:

:eek:

Guess what kind of server my story was based on?????

My question: What is changed in 3.0 that causes this?.
Click to expand...

V3 changes how it handles traffic...IMON component is gone, it "proxies" all traffic through some mechanism. I haven't put it on servers yet..even on their website...I don't see "Server 2000 or Server 2003" listed there.
"Operating Systems:
Microsoft Windows 2000, Microsoft Windows XP (32 and 64-bit editions), Microsoft Windows Vista (32 and 64-bit editions)"

XMON version 3 is not out yet....should be mid summer. So if you run a server with Exchange (such as SBS)...that fact right there should have had you installing 2.7 with XMON in the first place. I wouldn't run an Exchange server without the proper antivirus setup for it.

When 3 is ready for servers....I'd still do the standard exclusions...as IMO real time protection will always be the same..regardless of what brand or version...
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137

Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (see note above)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Exchsrvr\Conndata
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
 
You must log in or register to reply here.
Back
Top