Eset Apologises for blunder

By zerologic
in Back Page News

 Share

Recommended Posts

Mentor

zerologic

Posted
Posted

Wilders Security Forums

Hello,

we are very sorry for the problems you have experienced with one of the recent updates. The root of the problem was a problematic section in the code that emerged just recently. It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm on benign files. I can assure you that we do make tests before releasing updates to prevent false positives from occuring. In this case, the alarm was triggered under specific circumstances varying from computer to computer (ie. a specific file flagged on one computer was not flagged on each other). Right now we are preparing a knowledge base article concerning this issue. Those who are experiencing problems should follow these instructions:

- restart the computer in Safe mode (press F8 several times before the Windows logo appears)

- delete the file C:\Program Files\ESET\ESET Smart Security\em002_32.dat

- delete the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles or If you have Windows Vista delete the folder C:\Users\All Users\ESET\ESET Smart Security\Updfiles

- delete all files in the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\ or

- restart the computer

- start Windows in normal mode and update ESET Smart Security/ESET NOD32 Antivirus by hitting the button ?Update virus signature database?

Note: Windows Vista uses the folder "Users" instead of "Documents and Settings"

It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm, otherwise the problem would have been caught during the pre-release test. In fact it was a well hidden bug from v2 that resulted in this problem and which has been identified and fixed within a reasonable time frame.
Link to comment
https://www.neowin.net/forum/topic/638603-eset-apologises-for-blunder/
Share on other sites
Grand Master

+BeLGaRaTh Subscriber¹

Posted
  • Subscriber¹
Posted

You only needed to update to sig database 3121 to fix this, rather than going through all that crap. Either way they fixed it quite quickly, I sent them an email, had a call from them within half an hour or so confirming what was happening and what the errors were, half hour or so after that got another call to say all had been fixed and to do a manual update (the problem was with the new code and sig database 3120 apparantly) and that came direct from the ESET devs.

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted

Yeah I had big trouble this morning, almost all my games has been detected to contain "unknown virus", system locked up several times, and eventually the repeated lock ups leaded to some file corruption which caused a BSOD when booting Windows!

Running Windows repair from the boot disk then removing/reinstalling/updating NOD32 fixed the problem.

Mentor

zerologic

Posted
  • Author
Posted

This really makes me want to reconsider my choice of Antivirus.

Should have stuck to Kaspersky. Luckily I have a Kaspersky license and <pause> now Kaspersky is back on my PC. Sorry Eset. Can't afford to damage my PC with software that's meant to keep it safe from malware damage.

Mentor

zerologic

Posted
  • Author
Posted
How would your computer be damaged?

A lot All of my Adobe software stopped working. I had to restore from quarantine and while I was doing this, NOD locked up my Pc twice. Also, a demo game stopped working too. But restore from quarantine didn't succeed.

By 'computer' I meant, effectively my computer was damaged because of NOD damaging my software. Without software my computer is just a box, a heavy useless box.

Mentor

zerologic

Posted
  • Author
Posted

Statement from ESET, LLC regarding signature update 3119

Early this morning, ESET became aware that virus signature update version 3119 unfortunately caused a false positive detection of certain applications and drivers, most notably from Adobe. ESET is aware of the problem and promptly issued an update, version 3121.

For customers impacted by update v.3119, please visit ESET?s Knowledgebase for additional steps to resolve the conflict:

http://www.eset.com/support/kb.php?o...&articleid=812

ESET is continuing to assess the extent of the issue, and more information will be provided as soon as we have it. We regret any inconvenience this has caused to our customers and are working around the clock to assist those who have been affected.

- Anton Zajac, CEO of ESET LLC, 5/22/08

Grand Master

xendrome

Posted
Posted

This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

Mentor

Harlem39s Finest

Posted
Posted

after i read "eset going mad" thread i tried to replicate the false positive by opening programmes that were marked as virus/etc, nod identified comodo and two other apps as a virus, i did a manual update and it fixed the problem. guess i was lucky.

Mentor

zerologic

Posted
  • Author
Posted
This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

It's something I have noticed too. Noticed web browsing can sometimes get really slow, then I uninstalled NOD32 and installed another product - no more speed problems. :/

Neowinian

Mercury_22

Posted
Posted
This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

You?re totally right !

And even if you uncheck "Enable HTTP checking" (beside unchecking "Enable web access protection") it's just look disable but it's still doing the "proxy thing":angry:y:

I can't understand why ESET keep this "web access protection / proxy" "feature":x:x in the Antivirus ! this should be present only in the ESET Smart Security !

Better stay with v. 2.7 because v3 it's .........

Grand Master

Ji@nBing

Posted
Posted

Strange. I'm running v3 and I've had no problems. Sucks for you guys that had the issues though.

I'm willing to give them a free pass this time because I really like the AV and they have been really good thus far. If something like this happens again though, I'll consider switching back to Kaspersky.

Mentor

zerologic

Posted
  • Author
Posted
Strange. I'm running v3 and I've had no problems. Sucks for you guys that had the issues though.

I'm willing to give them a free pass this time because I really like the AV and they have been really good thus far. If something like this happens again though, I'll consider switching back to Kaspersky.

I switched back to Kaspersky.

And now that Kaspersky 2009 has an 'a' patch that fixes a few important bugs. I'm really happy with it.

But I spent money on Eset Smart Security and it's not like I will get it back. :(

Grand Master

Ji@nBing

Posted
Posted
I switched back to Kaspersky.

And now that Kaspersky 2009 has an 'a' patch that fixes a few important bugs. I'm really happy with it.

But I spent money on Eset Smart Security and it's not like I will get it back. :(

Well Eset has a really good track record, and as far as I know, this is the first time something like this has happened with them. I wasn't effected by it, so I'm not all that concerned by it. They acted quickly and handled it well IMO. Like I said, due to their track record, I'm willing to give them a free pass on this one, but if they screw up again I will consider switching.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By ShadeOfBlue · Posted

      Those are some popular multiplayer games. But hardly "all". Just those that don't work on Linux currently due to specific anti-cheat implementations. I think it's also fair to point out the literally thousands of games that don't work on the PS5. And it's not locked at 1080p. That's the default, which you can change.
    • Ubuntu Livepatch arrives on Arm64 to eliminate system reboots for kernel updates

      By zikalify · Posted

      Ubuntu Livepatch arrives on Arm64 to eliminate system reboots for kernel updates by Paul Hill Canonical has just announced that its Livepatch service now supports computers with Arm64 processors. For those who are not familiar, Livepatch allows users to apply important kernel updates without any service interruption or rebooting. While home users will benefit from this, it’s even more important for critical machines that absolutely should not be going offline at all. The feature is available as part of Ubuntu Core 26 for Arm64 and Ubuntu Core 20 and onwards for AMD64. According to Canonical, this will improve the security of systems that aren’t security-maintained daily or weekly, and it helps organizations work towards Cyber Resilience Act (CRA) compliance. If you are familiar with Ubuntu, you probably know that most packages can be updated without having to restart the system. There is one big exception to this, and that’s the kernel; it typically requires you to reload the system to boot into the new kernel. With Livepatch, Canonical has done something so that you don’t need to restart to begin using the new kernel. Aside from Ubuntu Core 26, users with Arm64 chips running Ubuntu 26.04 LTS can also use Livepatch. If you want to learn more about Livepatch, check out its product page. There, you can also find a button to join Ubuntu Pro (it’s free for several home devices) so that you can enable Livepatch. By linking your computer to Ubuntu Pro, you will also extend the life of your Ubuntu install from five years to ten years. If you are running Ubuntu, let us know in the comments if you have been looking forward to this feature on your ARM-based computer. If you’ve had a compatible AMD64 machine for a while and never used this feature, let us know why in the comments!
    • The official Funny Pictures thread

      By Steven P. · Posted

    • Meta announces a major leadership change at WhatsApp

      By pradeepviswav · Posted

      Meta announces a major leadership change at WhatsApp by Pradeep Viswanathan Meta has announced a major leadership change at WhatsApp, with Will Cathcart stepping down after seven years of leading the world's largest messaging platform. CRED CEO and founder Kunal Shah will take over as the next global head of WhatsApp. CRED is an Indian fintech company focused on creditworthy consumers. As part of the transition, Meta is also making a minority investment in CRED through its Series H funding round. Meta CEO Mark Zuckerberg said Will Cathcart will remain at Meta and move into a new role focused on building new products from the ground up. Cathcart led WhatsApp during a major growth phase, helping the app reach more than 3 billion users worldwide. He also played a key role in expanding WhatsApp’s business offerings while keeping privacy and end-to-end encryption central to the product. Meta’s Chief Product Officer, Chris Cox, said Kunal Shah was selected after a search for a leader who understands WhatsApp’s global scale and future potential. In a leaked internal memo, Cox described Shah as a “serial founder” and one of India’s most respected entrepreneurs, adding that he brings “entrepreneurial energy” and a strong product mindset to the role. As part of the Series H funding round, CRED is raising ₹8,550 crore, or about $900 million, in a round led by Meta. The funding values CRED at ₹43,239 crore, or about $4.5 billion, on a post-money basis. It is important to note that this investment will not give Meta access to CRED customer information. Kunal posted the following on X regarding his new role at Meta: Although Kunal Shah will be stepping away from his operating role as CRED CEO, he will retain his personal shareholding in the company.
    • It's about to become harder to turn off your Samsung TV, thanks to Instagram

      By fishnet37222 · Posted

      It wouldn't be hard for me to turn off my TV, if I had one. For one thing, I never scroll Instagram. The only reason I have an account is because Meta created one when it merged the account systems for its various services.

  • Recent Achievements

    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post
    • Dedicated
      tuben earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      +Edouard
      207
    3. 3
      PsYcHoKiLLa
      98
    4. 4
      Michael Scrip
      89
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!