PDA

View Full Version : Strange NOD32 problem



CYaBro
28-02-2008, 08:55 AM
I have a customer who uses Sybiz Vision accounting software and NOD32 antivirus software.
They have been running V2.7 on the file server and all workstations and have had no problems.
They renewed their license at the end of last year and they wanted to upgrade to the new V3.
So I did that but now they have problems with their accounting software.
When trying to run a report it just crashes with no error message.

The accounting data is stored on the file server (Windows Server 2003) and has no backend or anything like that installed on the server.

Even if I disable NOD32 on the server the problem is still there.
The only way to fix the problem is to uninstall NOD32 from the server.

I have tried adding exclusions to NOD32 but it made no difference.
I don't think the problem is the AV scanning part because even with it disabled the problem is still there.
NOD32 must install some other stuff that is interfering with network traffic.

Anyone got any ideas?

nofam
28-02-2008, 09:16 AM
If there's no backend on the server, how are the client PC's actually accessing the data? Is it via a system DSN/ODBC kind of thing?

CYaBro
28-02-2008, 09:18 AM
If there's no backend on the server, how are the client PC's actually accessing the data? Is it via a system DSN/ODBC kind of thing?

Yes it is. When you install Sybiz on the workstation it does do some ODBC stuff.
Not exactly sure as I haven't had to do that for over a year.

nofam
28-02-2008, 10:01 AM
Just been checking on the net, and it seems NOD32 limits the number of TCP/IP connections to a server etc to help prevent worm attacks.

ODBC connections disregard the last-used connection, and open a new one on every 'query', so it would follow that even if you shut down the virus scanning part of NOD32, there's possibly a registry change that alters the connection limit?

Does that make sense? :nerd:

CYaBro
28-02-2008, 10:02 AM
Just been checking on the net, and it seems NOD32 limits the number of TCP/IP connections to a server etc to help prevent worm attacks.

ODBC connections disregard the last-used connection, and open a new one on every 'query', so it would follow that even if you shut down the virus scanning part of NOD32, there's possibly a registry change that alters the connection limit?

Does that make sense? :nerd:

Yea it does. Now to try and trace that change and change it to see if it makes any difference.

nofam
28-02-2008, 10:10 AM
Try this:

Edit tcpip.sys manually to remove the TCP/IP socket creation limit

Another option, for the more adventurous is to modify your tcpip.sys file manually, using a hex editor. The following instructions refer to the final release of XP SP2, with a tcpip.sys file of exactly 359,040 bytes, CRC-32 is 8042A9FB, and MD5 is 9F4B36614A0FC234525BA224957DE55C. Even thouh there might be multiple tcpip.sys files in your system, make sure to work with the one in c:\windows\system32\drives\ directory.

To remove the tcpip.sys socket creation limit:
- Backup your original tcpip.sys file before editing please, this is somewhat important !
- In your hex editor, go to offset 4F322 hex (or 324386 decimal).
- Change 0a 00 00 00 to 00 00 0a 00

All done !

I know it's for XP SP2, but I imagine it should work for Server 2003?

CYaBro
13-03-2008, 11:32 PM
Well I finally got around to trying the latest V3 - 642 on the clients server.
It installed OK and I set it up as per Microsoft's instructions for a Domain Controller.

Everything was working great, even the Sybiz accounting software!
Great I thought, Eset have fixed the problem.

About two hours later I get a call saying that none of the workstations can access the server.
I try to log in remotely but couldn't do that either so I told them to uninstall NOD32 again from the server.
After that was done everything returned to normal.

I have emailed Eset again about this so will wait to see what they have to say this time.

liliang
30-04-2008, 07:54 AM
Hello.. When I Update the version of 2.7 to 3.0 of NOD32 I start to have the same problem... At first, the Nod helpdesk told me that the problem was the version (3.621.0) so they asked me for update to (3.650.0) and, obviusly, the problem of the irregular disconexion still there. If you or anybody fine the solution please post it here, because, until now, NOD can't solve this problem!!!!!

CYaBro
30-04-2008, 08:38 AM
Problem solved by going back to V2.7. :horrified

Will keep an eye out on Eset's forums to see if this ever gets fixed.

liliang
30-04-2008, 08:52 AM
Are you seriusly?! Have this no solution? I will kill the NOD Company! Because I bought the licence for the 3.0 version! And is not for free!! Didn't you fine any other solution?!