Eset Apologises for blunder

By zerologic
in Back Page News

 Share

Recommended Posts

Mentor

zerologic

Posted
Posted

Wilders Security Forums

Hello,

we are very sorry for the problems you have experienced with one of the recent updates. The root of the problem was a problematic section in the code that emerged just recently. It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm on benign files. I can assure you that we do make tests before releasing updates to prevent false positives from occuring. In this case, the alarm was triggered under specific circumstances varying from computer to computer (ie. a specific file flagged on one computer was not flagged on each other). Right now we are preparing a knowledge base article concerning this issue. Those who are experiencing problems should follow these instructions:

- restart the computer in Safe mode (press F8 several times before the Windows logo appears)

- delete the file C:\Program Files\ESET\ESET Smart Security\em002_32.dat

- delete the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles or If you have Windows Vista delete the folder C:\Users\All Users\ESET\ESET Smart Security\Updfiles

- delete all files in the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\ or

- restart the computer

- start Windows in normal mode and update ESET Smart Security/ESET NOD32 Antivirus by hitting the button ?Update virus signature database?

Note: Windows Vista uses the folder "Users" instead of "Documents and Settings"

It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm, otherwise the problem would have been caught during the pre-release test. In fact it was a well hidden bug from v2 that resulted in this problem and which has been identified and fixed within a reasonable time frame.
Link to comment
https://www.neowin.net/forum/topic/638603-eset-apologises-for-blunder/
Share on other sites
Grand Master

+BeLGaRaTh Subscriber¹

Posted
  • Subscriber¹
Posted

You only needed to update to sig database 3121 to fix this, rather than going through all that crap. Either way they fixed it quite quickly, I sent them an email, had a call from them within half an hour or so confirming what was happening and what the errors were, half hour or so after that got another call to say all had been fixed and to do a manual update (the problem was with the new code and sig database 3120 apparantly) and that came direct from the ESET devs.

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted

Yeah I had big trouble this morning, almost all my games has been detected to contain "unknown virus", system locked up several times, and eventually the repeated lock ups leaded to some file corruption which caused a BSOD when booting Windows!

Running Windows repair from the boot disk then removing/reinstalling/updating NOD32 fixed the problem.

Mentor

zerologic

Posted
  • Author
Posted

This really makes me want to reconsider my choice of Antivirus.

Should have stuck to Kaspersky. Luckily I have a Kaspersky license and <pause> now Kaspersky is back on my PC. Sorry Eset. Can't afford to damage my PC with software that's meant to keep it safe from malware damage.

Mentor

zerologic

Posted
  • Author
Posted
How would your computer be damaged?

A lot All of my Adobe software stopped working. I had to restore from quarantine and while I was doing this, NOD locked up my Pc twice. Also, a demo game stopped working too. But restore from quarantine didn't succeed.

By 'computer' I meant, effectively my computer was damaged because of NOD damaging my software. Without software my computer is just a box, a heavy useless box.

Mentor

zerologic

Posted
  • Author
Posted

Statement from ESET, LLC regarding signature update 3119

Early this morning, ESET became aware that virus signature update version 3119 unfortunately caused a false positive detection of certain applications and drivers, most notably from Adobe. ESET is aware of the problem and promptly issued an update, version 3121.

For customers impacted by update v.3119, please visit ESET?s Knowledgebase for additional steps to resolve the conflict:

http://www.eset.com/support/kb.php?o...&articleid=812

ESET is continuing to assess the extent of the issue, and more information will be provided as soon as we have it. We regret any inconvenience this has caused to our customers and are working around the clock to assist those who have been affected.

- Anton Zajac, CEO of ESET LLC, 5/22/08

Grand Master

xendrome

Posted
Posted

This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

Mentor

Harlem39s Finest

Posted
Posted

after i read "eset going mad" thread i tried to replicate the false positive by opening programmes that were marked as virus/etc, nod identified comodo and two other apps as a virus, i did a manual update and it fixed the problem. guess i was lucky.

Mentor

zerologic

Posted
  • Author
Posted
This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

It's something I have noticed too. Noticed web browsing can sometimes get really slow, then I uninstalled NOD32 and installed another product - no more speed problems. :/

Neowinian

Mercury_22

Posted
Posted
This is kind of funny, i just uninstalled NOD32 from all of my systems yesterday.

Because I realized 3.x sends all web traffic through ekern.exe as a web-proxy to scan for threats. The problem is you can't really turn it off, if you do when it then bugs you about not being fully active, and then when you reboot it turns it's self right back on.

Also the main issue in the way this setup is, if your running any kind of application rules based firewall, if you approve ekern.exe for access to the net, since all apps accessing the net are proxyied through this, you basically just approved all traffic from all applications, you can verify this by looking in like TcpView and opening Firefox, you'll see that Firefox doesn't open all the http connections to retrieve the content, but ekern.exe does.

Also this works the other way around, if you disable ekern.exe from internet access, chances are you just blocked most of your apps from getting to the web.

I didn't uninstall 100% for that reason, that is actually something that I came across while I was trying to figure out why I had a TON of open and half-open TCP connections.

The ekern part of the proxy is very inefficient at closing closed requests and I have seen reports of it actually slowing down internet/page requests.

This is just what I have noticed, so don't bash me on it... go test this stuff out for yourself.

You?re totally right !

And even if you uncheck "Enable HTTP checking" (beside unchecking "Enable web access protection") it's just look disable but it's still doing the "proxy thing":angry:y:

I can't understand why ESET keep this "web access protection / proxy" "feature":x:x in the Antivirus ! this should be present only in the ESET Smart Security !

Better stay with v. 2.7 because v3 it's .........

Grand Master

Ji@nBing

Posted
Posted

Strange. I'm running v3 and I've had no problems. Sucks for you guys that had the issues though.

I'm willing to give them a free pass this time because I really like the AV and they have been really good thus far. If something like this happens again though, I'll consider switching back to Kaspersky.

Mentor

zerologic

Posted
  • Author
Posted
Strange. I'm running v3 and I've had no problems. Sucks for you guys that had the issues though.

I'm willing to give them a free pass this time because I really like the AV and they have been really good thus far. If something like this happens again though, I'll consider switching back to Kaspersky.

I switched back to Kaspersky.

And now that Kaspersky 2009 has an 'a' patch that fixes a few important bugs. I'm really happy with it.

But I spent money on Eset Smart Security and it's not like I will get it back. :(

Grand Master

Ji@nBing

Posted
Posted
I switched back to Kaspersky.

And now that Kaspersky 2009 has an 'a' patch that fixes a few important bugs. I'm really happy with it.

But I spent money on Eset Smart Security and it's not like I will get it back. :(

Well Eset has a really good track record, and as far as I know, this is the first time something like this has happened with them. I wasn't effected by it, so I'm not all that concerned by it. They acted quickly and handled it well IMO. Like I said, due to their track record, I'm willing to give them a free pass on this one, but if they screw up again I will consider switching.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.