Smokey's Security Weblog

veritas odium parit

[UPDATED 2010-09-04] Warning: don’t use any ESET NOD32 V4.x Antivirus product together with Windows Vista SP2 or Windows Server 2008 SP2

The story: numerous ESET NOD32 V4.x Antivirus product customers reported severe problems after install of Service Pack 2 Windows Vista and Windows Server 2008. First reports showed up begin of May 2009, and at the moment I write this post these reports still continue. Embarrassing: the total lack of feedback from ESET regarding the issue. Like I today already wrote on DSLReports, looking at all the threads and posts in their own support forums regarding the severe Service Pack 2 related problems, like e.g.system crashes, BSODs aso, and the fact that (apparently) ESET refuse to communicate with their PAYING customers about the SP2 related occurances, it is evident that ESET will lose customers. Even worse, their name and products will be scratched. It is a pity because ESET have fine products.

Finally today an ESET employee made a short statement on their support forum, almost 1 month after the first reports were produced:

“An issue with ESET’s V4 software and Service Pack 2 for Microsoft Windows Vista and Windows 2008 has been identified and the developers are working on a solution for it. Currently, I do not have any information about when it will be available or what form it will take, but as soon as more information is available it will be provided.”

Again, 1 month after the first reports were produced. And, even more embarrassing, Service Pack 2 RTM for Windows Vista and Windows Server 2008 are released and ESET is not able to offer fixed software that will solve the severe problems related to Service Pack 2.

ESET, this is bad, really bad. You can’t treat your customers with such incredible arrogance and ignorance.

Considering all disgraceful facts, to me it is a pleasure to grant you the famous Smokey’s Security Weblog 2009 Hall of Shame Award.

My sincere congratulations with this valuable Award!

Smokey

Update 2009-05-30, additional info provided by ESET

“Just to let you know, the web pages ESET posted on the matter have been revised, problem explanation and FAQ (Newsbulletin): http://kb.eset.com/esetkb/index?page=content&id=NEWS30

Provides workarounds (Knowledge Base article): http://kb.eset.com/esetkb/index?page=content&id=SOLN2254

You may want to bookmark these web pages and check them periodically as they will be updated iwth additonal information as it becomes available.”

Update 2009-06-02: ESET patch available to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008

A spokesman of ESET just informed me they have a patch (an updated Anti-Stealth module, v1012, build date 20090526) ready to solve the ESET NOD32 V4.x Antivirus products compatibility issues related to Service Pack 2 Windows Vista and Windows Server 2008. According to ESET, right now it is still being tested but they are not aware of any issues or problems from users who have installed it on their Microsoft Windows Vista/Microsoft Windows 2008 systems with SP2 on them.

To obtain the patch, open the ESET user interface, press F5 to open the Advanced Settings window, select Update in the left pane, then Advanced Update Setup in the right pane and check Enable Test Mode at the bottom of the window.

The next time the client performs an virus signature database update, it will also download the updated Anti-Stealth module. If you are running ESET Smart Security, an updated Firewall module will also be downloaded for testing (it contains some other fixes and updates unrelated to the SP2 issue).

Update 2009-06-04: ESET Smart Security v4 and and ESET NOD32 Antivirus v4.0 compatibility update for Vista/Server 2008 SP2 – The fix has moved into production

Statement ESET

Testing of the new Anti-Stealth module to improve compatibility between ESET Smart Security and ESET NOD32 Antivirus v4.0 and Microsoft Windows Vista / Windows Server 2008 Service Pack 2 has successfully completed and distribution has begun. The updated module will be downloaded automatically when a virus signature database update occurs in ESET Smart Security and ESET NOD32 Antivirus.

After the update is downloaded, the entry for the Anti-Stealth module in the About window for ESET Smart Security and ESET NOD32 Antivirus v4 will appear as Anti-Stealth support module: 1012 (20090526). The update is also installed if your Anti-Stealth module has a newer version or release date.

If Anti-Stealth was disabled as a temporary workaround, re-enable it by opening the ESET Graphic User Interface, pressing the F5 key to open the Advanced Setup window, selecting Antivorus and Antispyware in the left navigation pane and enabling (checking) the Enable Anti-Stealth Technology option in the right pane.

Source: Wilders

2010-09-04: Post enlarged with information about a newly occurred severe NOD32 definition update(s) problem

From ESET NOD32 Support Forum on Wilders Security:

after update to v. 5418, you might have encountered a problem with any of the following symptoms:

– ekrn crashed
– system stopped responding
– administrators might have received threat notifications with a blank threat name field

The problem was discovered in update 5417 and exhibited after an update to a newer version. To protect our users, we stopped the update as soon as the problems were reported to us.

A newer update 5419, which fixes the problems, has just been released. Note that ekrn may crash once more during update to the latest version due to the problem present in the previous versions 5417/5418.

SOLUTION FOR USERS:
Update to v. 5419 and restart the computer. Ekrn.exe will start and function properly then.

SOLUTION FOR SERVER SYSTEMS:
Update to v. 5419 and run “net start ekrn” to start ekrn.exe after a crash.

Signed: Marcos, ESET Moderator

See also an ESET kb article about the issue: http://kb.eset.com/esetkb/index?page=content&id=NEWS101

May 26, 2009 - Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , , , , , , ,

17 Comments »

  1. I updated tp SP2 blissfully unaware of the nod32 problem. SP2 does indeed break nod32. I tried to uninstall it after updating but it wouldn’t completely remove all the files as the eset services were still running after uninstall. When you to try to stop the service in task manager, BSOD. Grrrrr….I finally got all eset files off my computer and I don’t know if I will reinstall it after this. Very disappointed in eset. How long have they known that SP2 was coming out???

    Comment by Gong | May 27, 2009 | Reply

  2. I understand your feelings of disappointment, and I know that numerous ESET customers are thinking the same way like you do.
    ESET didn’t do their homework in a proper way, you can call it also a crude negligence and customer contempt. And their lack of communication direction customer is condemnable too.

    Comment by Smokey | May 27, 2009 | Reply

  3. […] Hall of Shame Award is seldom granted, therefore all Awardees need our unlimited attention. Yesterday I already mentioned in short that ESET is Awarded, but till yet I hadn’t the time to make an official […]

    Pingback by ESET is Smokey’s Security Weblog 2009 Hall of Shame Awardee « Smokey’s Security Weblog | May 28, 2009 | Reply

  4. You guys are not alone.. After updating to SP2 final for Vista today. Eset NOD32 failed to protect system real time defensive. Removal was rather a pain to do, as it lead to safety mode to delete main 2 folders and also removing the services manual. orz

    Comment by Silver | May 28, 2009 | Reply

  5. Same issue. Saw the Windows Vista Service Pack 2 update warning and I upgraded – system rebooted and lo and behold – Nod32 was glowing all red in teh system tray. After some frantic searching on the www, after rebooting to linux, i managed to figure out that it was a long drawn out issue, and hadnt been addressed. As a person working in a firm where we release customer software, i cant see how an issue like this has not been addressed. And me, a 2 year paid customer of nod32. Needless to say, i feel extremely shortchanged. And prolly will NOT be renewing my subscription. Maybe move to Kaspersky or Avira – paid version. Currently, I am running Avast Free, to make do for a few days. That said, nod32 has run very well on my comp for the last 2 years almost. Just seems such a shame ..

    Comment by pigglywiggly | May 28, 2009 | Reply

  6. And going through teh forums, it seems extremely childish to read posts by an Eset employee named Andrew Goretsky who claims he is not able to reproduce the bug on his systems – whereas in fact, it seems to happen almost to everyone. Is Eset’s system testing environment limited to testing by one person?! on 1 pc?! Ridiculous, mate.

    Comment by pigglywiggly | May 28, 2009 | Reply

  7. It’s not the first time I’ve heard of this but you’ve explained it much better. Nice blog, it’s my first time here but I’ll be back for more.

    Comment by Steve | February 6, 2010 | Reply

  8. What I find strange is that it is not only version 4.. In the last months of 2009 my desktop started giving start-up problems. At first, starting up twice became ‘normal’ with the question whether to start up in normal or safe mode..
    But at that time I still used version 3 (!) But this issue became worse and worse: many times booting 5 to 10 times before my computer started (and BSOD’s too !)

    Because buying a new harddisk was in the planning, I decided that now was the right time. So I started with a new hd (WD blue 500gb sata) and a nice, new vista install. AND ofcourse upgraded nod32 to version 4. But as soon as nod32 updates and starts a scan of the start-up files: it crashes my computer. Not once but -again- 6, 7, 8 times..
    And blue screens too.

    As soon as I manage to disable everything in the Scheduler, or when nod32 is completely removed, the problems are gone.

    I mailed to nod32 about this and that I might have to use AVG or something instead.. but got no answer.
    This is the first time since 2007 that nod32 give me a headache.

    Comment by pat | March 1, 2010 | Reply

  9. We’ve had a number of customers affected by this issue and it’s ongoing. Server 2008 R2 crashing left, right and centre. We can no longer trust Eset Mail Security or NOD on Server 2008 R2.
    It’s a real shame because they had / have some great products, however have lost a very significant amount of credibility in a very short space of time.

    Comment by Matt | April 16, 2010 | Reply

  10. Just had NOD32 kill 2 critical live servers twice in one week. Won’t be using them again.

    Comment by ian j | September 4, 2010 | Reply

  11. I should add our servers are Win 2k3 SP2. Maybe they concentrate testing on Win 2k8 now…..

    Comment by ian j | September 4, 2010 | Reply

  12. Hi ian,

    it seem that the server crashes are related to a newly occurred severe NOD32 definition update(s) problem, I have enlarged my main ‘Warning: don’t use any ESET NOD32 V4.x Antivirus product together with Windows Vista SP2 or Windows Server 2008 SP2’ article with info about the issue.

    Regards,

    Smokey

    Comment by Smokey | September 4, 2010 | Reply

  13. I have a problem with Eset Nod32. I recently changed my user name and password but still it won’t update. Am I the only one having this problem or is it wide world?

    Comment by Peter Muniu | September 17, 2010 | Reply

  14. ESET Nod 32 killed my laptop. I only used it for a month, later my laptop starts not open microsoft office and visual studio documents. I ended up formating my laptop, I lost everything I saved and even now some of my programs are not working. It was a disaster indeed.

    Comment by Matimba Makwakwa | October 27, 2010 | Reply

  15. ESET has the worst product and customer service ever. It all started for me 4-5 weeks ago when I would perform web search, click on a link and would be re-directed to a totally unrelated web site. I realized I had spyware, despite ESET’s promise of “protecting my digital worlds.” I have been ESET client for years now, and keep my system and definition files up to date. When I contacted ESET, they “gave” me a solution to my problem, to run advanced cleaning tool. After I performed the 1-5 steps, my system totally stalled! Registry was totally messed up.

    Comment by Jenny | November 2, 2010 | Reply

  16. And that went “up” b4 I finished. I contacted the ESET customer service and complained about the issues. Never got response, even though I got service tickets… Since I did not believe in ESET anymore, I ran BitDefender which operates on Linux. It detected 69 Trojans and other malware in my registry. Contacted ESET again, no response. Just to let you know that your digital worlds might not be all that well protected!!!

    Comment by Jenny | November 2, 2010 | Reply


Leave a comment

« Previous | Next »