Print

Print


In the same window under setup, you can temporarily disable virus protection.  

fyi: This does not seem to work on our Vista clients.

On Fri, 31 Jul 2009 11:06:35 -0400, Andrew Hendrickson 
<[log in to unmask]> wrote:

>Okay, sorry to be a pest, but how exactly was ESET disabled?  If we  
>disable the ESET service, we can't load the ESET interface in order to  
>run Update.
>
>
>On Jul 31, 2009, at 10:55 AM, Scott Danis wrote:
>
>> I double-clicked on the red eye to open the ESET dialogue window.   
>> Clicked on
>> Update, then clicked on Update Virus Signature database.  After it  
>> loaded, I
>> turned protection back on.  That in itself worked, but I rebooted  
>> just for fun.
>> The version that seems to work is 4294 (20090731).
>>
>>
>> On Fri, 31 Jul 2009 10:50:13 -0400, Andrew Hendrickson
>> <[log in to unmask]> wrote:
>>
>>> Scott, can you elaborate on "manually updated the virus signature
>>> database"?  It may be the key to our mess.
>>>
>>> On Jul 31, 2009, at 10:34 AM, Scott Danis wrote:
>>>
>>>> While ESET was disabled, I manually updated the virus signature
>>>> database.  I
>>>> then enabled virus protection.  I rebooted and everything came up
>>>> normally
>>>> and am running fine.
>>>>
>>>>
>>>> Microsoft Windows XP Professional (5.1.2600)
>>>> Dell OPtiplex GX620
>>>>
>>>>
>>>> On Fri, 31 Jul 2009 10:08:38 -0400, Dean Williams
>> <[log in to unmask]
>>>>>
>>>> wrote:
>>>>
>>>>> IT Colleagues,
>>>>>
>>>>> ETS is opening a support case with ESET, since the one common  
>>>>> thread
>>>>> with every frozen computer seems to be NOD32.  So far, it seems  
>>>>> to be
>>>>> true (correct me if I've got this wrong) that:
>>>>>
>>>>> 1. Some systems don't freeze -- not restarting them might be a wise
>>>>> approach, at least for now
>>>>>
>>>>> 2. Some frozen systems are fixed by disabling NOD32, so that might
>>>>> be a reasonable first approach
>>>>>
>>>>> 3. Other frozen systems are fixed by removing NOD32
>>>>>
>>>>> 4. Replacing a bad virus definition file may take care of it -- as
>>>>> noted in Andrew's latest posting
>>>>>
>>>>> ETS will post updates here as we get better information from ESET  
>>>>> or
>>>>> elsewhere.  Of course, if anyone has a breakthrough, posting it on
>>>>> IT-
>>>>> Discuss is the fastest way to get the information to the UVM IT
>>>>> community for verification and application.  Already, what's been
>>>>> posted here has narrowed down the apparent cause, and provided
>>>>> important information for ETS to share with ESET -- thanks to all  
>>>>> for
>>>>> that.  Client Services has a limited number of people who can help
>>>>> with the current labor-intensive work-around; we'll allocate those
>>>>> folks mainly to offices and individuals who have no IT support of
>>>>> their own, but if you are totally swamped trying to get your  
>>>>> clients
>>>>> back in business, please ask for help via the Help Line.
>>>>>
>>>>> Thank you for your collaboration in diagnosing and fixing this
>>>>> problem, and thanks to all for their patience as a permanent  
>>>>> solution
>>>>> is found.
>>>>>
>>>>>
>>>>> Dean Williams
>>>>> ETS Director for Client Services
>>>>> Enterprise Technology Services
>>>>> [log in to unmask] | 802-656-1174
>>>>>
>>>>>   Check the status of UVM networks and servers
>>>>>   any time at 656-1234.
>>>>>
>>>>>
>>>>> On Jul 31, 2009, at 9:24 AM, Niggel, Patrick wrote:
>>>>>
>>>>>> Did you boot into safe mode with Networking?  If the computer
>>>>>> can�t
>>>>>> authenticate your credentials off of the CAMPUS domain, then you
>>>>>> won�t be able to get in.  I don�t believe safe mode uses  
>>>>>> cached
>>>>>> credentials, from what I just tried it doesn�t.  By default it
>>>>>> wants
>>>>>> to use local only admin logins, but you can tell it to reference a
>>>>>> specific domain� of course having no networking this won�t  
>>>>>> work
>>>>>> (and
>>>>>> again, it wouldn�t accept my password cached on the machine).
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: Technology Discussion at UVM [mailto:IT-
>> [log in to unmask]]
>>>>>> On Behalf Of Richard Del Pizzo
>>>>>> Sent: Friday, July 31, 2009 9:09 AM
>>>>>> To: [log in to unmask]
>>>>>> Subject: Re: [Fwd: Re: Recent Windows Vista and XP freezing
>>>>>> problems]
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Carol,
>>>>>>
>>>>>> Some of us in the Office of Sponsored Programs had this problem  
>>>>>> this
>>>>>> morning including myself.  Your instructions worked perfectly with
>>>>>> one caveat.  When I tried to boot in Safe Mode, my ID and password
>>>>>> were not accepted even though I am an administrator on my machine.
>>>>>> Luckily I knew the password for the 'Administrator' account which
>>>>>> let me in so I could uninstall ESET.  Anyone else encounter this?
>>>>>> Any thoughts if one does not know their 'Administrator' password?
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Regards,
>>>>>> Richard Del Pizzo
>>>>>> Information Technology Professional Senior
>>>>>> Office of Sponsored Programs
>>>>>> University of Vermont
>>>>>> Burlington, VT 05405
>>>>>>
>>>>>>
>>>>>> Carol Caldwell-Edmonds wrote, On 7/31/2009 8:35 AM:
>>>>>>
>>>>>> Another student tech just reported this.  It does seem to be ESET.
>>>>>> To uninstall it completely, boot to safe mode (shut down, boot,
>>>>>> press F8, go to All Programs, open the ESET folder, use the
>>>>>> Uninstall in that folder. Removing it any other way will not  
>>>>>> totally
>>>>>> uninstall all of the components in ESET and your computer will  
>>>>>> still
>>>>>> freeze.  Restart, go back to work.
>>>>>>
>>>>>> Yes, I am working without AV on my computer, but  all of my data  
>>>>>> is
>>>>>> always on network drives, so I can reimage at will. Also, I stay  
>>>>>> off
>>>>>> of AIM, and only visit known safe places online.
>>>>>>
>>>>>> If you are using a personal computer, not UVM owned, you could use
>>>>>> AVG like the student tech here reports:
>>>>>>
>>>>>> Carol
>>>>>>
>>>>>> -- 
>>>>>> Carol Caldwell-Edmonds,
>>>>>> Enterprise Technology Services: Client Services
>>>>>> Manager, UVM Computing Helpline and the Computer Depot Clinic
>>>>>> University of Vermont
>>>>>> [log in to unmask]
>>>>>> <image001.gif>
>>>>>> never take yourself TOO seriously...
>>>>>> artwork by Shannon Edmonds
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Subject:
>>>>>>
>>>>>> Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>> From:
>>>>>>
>>>>>> Alex McConaghy <[log in to unmask]>
>>>>>>
>>>>>> Date:
>>>>>>
>>>>>> Fri, 31 Jul 2009 08:24:11 -0400
>>>>>>
>>>>>> To:
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>> To:
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I was having the same problem all day yesterday with ESET  
>>>>>> causing my
>>>>>> system to freeze up. Removing ESET in safe mode solved the  
>>>>>> problem,
>>>>>> but when you reinstall it and get the new updates the problem  
>>>>>> starts
>>>>>> all over again. I ended up removing ESET and put AVG on my system
>>>>>> and I am back to normal without ESET. I am going to reinstall ESET
>>>>>> in a few days when hopefully they have fixed the problem.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>>
>>>>>>
>>>>>> ____________________________
>>>>>>
>>>>>> Alex McConaghy
>>>>>>
>>>>>> University of Vermont '12
>>>>>>
>>>>>> School of Business Administration
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>> Google Voice: (215) 839-9768
>>>>>>
>>>>>> Cell: (215) 840-5065
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: Helpline Staff [mailto:[log in to unmask]] On Behalf Of
>>>>>> Carol Caldwell-Edmonds
>>>>>> Sent: Friday, July 31, 2009 8:12 AM
>>>>>> To: [log in to unmask]
>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>>
>>>>>>
>>>>>> Mine still froze after removing the update. I am now going into  
>>>>>> safe
>>>>>> mode and removing ESET.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jul 31, 2009, at 8:09 AM, Carol Caldwell-Edmonds wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Helpline--the freezing issue was reported all evening and is back.
>>>>>> Try going into safe mode, control panel, Programs and Features,
>>>>>> click the link in the upper left for recent updates, scroll to the
>>>>>> bottom under windows updates, remove KB972260, restart, let me  
>>>>>> know
>>>>>> if it�s better.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Carol
>>>>>>
>>>>>>
>>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: "J. Greg Mackinnon" <[log in to unmask]>
>>>>>>
>>>>>> Date: July 30, 2009 10:36:39 PM EDT
>>>>>>
>>>>>> To: [log in to unmask]
>>>>>>
>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>> Reply-To: Technology Discussion at UVM <IT-
[log in to unmask]>
>>>>>>
>>>>>>
>>>>>>
>>>>>> So you have three computers from which you removed and reinstalled
>>>>>> NOD32, but not the KB972260 hotfix?  And these systems all
>>>>>> manifested the lockup after re-installation?  If so, that is  
>>>>>> pretty
>>>>>> strong evidence.
>>>>>>
>>>>>> If the Helpline and Client Services systems that were reported as
>>>>>> fixed this afternoon re-manifest, and removing the KB hotfix
>>>>>> stabilizes them, we will block re-installation of the KB hotfix on
>>>>>> domain-joined systems.
>>>>>>
>>>>>> We also will need to got the problem resolved at a more basic  
>>>>>> level
>>>>>> quickly.  There are expected to be more critical Internet Explorer
>>>>>> and Operating System updates next week that cannot be left
>>>>>> unpatched.  Since MS has taken to releasing IE updates as
>>>>>> "cumulative" updates (combining many previously released updates  
>>>>>> in
>>>>>> a single package), we will encounter this issue again if not
>>>>>> properly addressed.
>>>>>>
>>>>>> -Greg
>>>>>>
>>>>>> Andrew Hendrickson wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'd say that those who reported such things didn't wait long
>>>>>> enough.  In every case thus far (and I've seen three),  
>>>>>> reinstalling
>>>>>> NOD32 eventually brought about the same symptoms if the KB was  
>>>>>> left
>>>>>> in place.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:
>>>>>>
>>>>>>
>>>>>>
>>>>>>    Andrew:
>>>>>>
>>>>>>
>>>>>>
>>>>>> We have had reports that simply removing/reinstalling NOD32 made  
>>>>>> the
>>>>>>
>>>>>> problem "go away", at least for the time being.  This information
>>>>>>
>>>>>> suggests that the problem is being caused by NOD32 on its own, not
>>>>>> by
>>>>>>
>>>>>> the KB hotfix list.  Did you try simply reinstalling NOD32 on  
>>>>>> any of
>>>>>>
>>>>>> the systems you visited?
>>>>>>
>>>>>>
>>>>>>
>>>>>> If KB972260 is responsible, then we can block its distribution for
>>>>>>
>>>>>> domain-joined systems.  However, this is a patch for a remote code
>>>>>>
>>>>>> execution vulnerability.  Microsoft security felt it was urgent
>>>>>>
>>>>>> enough that this patch needed to be released out-of-band (i.e. not
>>>>>> on
>>>>>>
>>>>>> "patch Tuesday").  Left unpatched, this vulnerability likely / 
>>>>>> will/
>>>>>>
>>>>>> be exploited.  Thus, I would prefer to avoid blocking this update
>>>>>>
>>>>>> until we have a bit more evidence that it is responsible for  
>>>>>> system
>>>>>>
>>>>>> lockups.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -Greg
>>>>>>
>>>>>>
>>>>>>
>>>>>> Andrew Hendrickson wrote: Okay, tomorrow may just be a really  
>>>>>> really
>>>>>>
>>>>>> bad day for everyone.  Just fair warning.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I've had two reports of machines freezing up with a busy cursor,  
>>>>>> one
>>>>>>
>>>>>> Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET 
NOD32
>>>>>>
>>>>>> version 3.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the Vista machine a "failure - security options: Login process
>>>>>> has
>>>>>>
>>>>>> failed to create the security options dialog" would appear.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the XP machine, Windows Explorer simply freezes and no  
>>>>>> keystrokes
>>>>>>
>>>>>> get a response, including the venerable control-alt-del.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the Vista machine I discovered that KB972260 had just been
>>>>>>
>>>>>> installed.  When I removed that KB AND removed ESET NOD32, the
>>>>>>
>>>>>> problem went away.  If I tried to run the machine after just
>>>>>> removing
>>>>>>
>>>>>> the KB, the problem remained.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I confirmed that this was also the case on the Windows XP  
>>>>>> machine as
>>>>>>
>>>>>> well.
>>>>>>
>>>>>>
>>>>>>
>>>>>> KB97260 appears to be a critical out of band update released to
>>>>>>
>>>>>> rectify some serious security flaws in Internet Explorer and is an
>>>>>>
>>>>>> update for all flavors of Windows currently supported and all
>>>>>> flavors
>>>>>>
>>>>>> of IE.
>>>>>>
>>>>>>
>>>>>>
>>>>>> And, just to set my evening to "extra crispy" when I returned to  
>>>>>> my
>>>>>>
>>>>>> office my own Vista desktop was waving it's "Failure - Security
>>>>>>
>>>>>> Options" freaky flag.  ;-)
>>>>>>
>>>>>>
>>>>>>
>>>>>> So far the only thing that appears to work is to either remove the
>>>>>> KB
>>>>>>
>>>>>> and ESET, or remove both, block the KB in Windows Update and
>>>>>>
>>>>>> reinstall ESET.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Perhaps we could block this particular KB at the update server  
>>>>>> until
>>>>>>
>>>>>> ESET gets this cleared up?
>>>>>>
>>>>>>
>>>>>>
>>>>>> I don't think that this is just a bad ESET definition file,  
>>>>>> because
>>>>>>
>>>>>> the machine runs fine with the KB removed and blocked but ESET
>>>>>>
>>>>>> installed.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Andrew Hendrickson
>>>>>>
>>>>>> CAS, IT Administrator
>>>>>>
>>>>>> UVM, College of Arts & Sciences
>>>>>>
>>>>>> 438 College Street #402
>>>>>>
>>>>>> Burlington, VT
>>>>>>
>>>>>> 05405
>>>>>>
>>>>>>
>>>>>>
>>>>>> 802-656-7971
>>>>>>
>>>>>> 802-656-4529 (fax)
>>>>>>
>>>>>>
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>>
>>>>>>
>>>>>> To submit a request for service please use:
>>>>>>
>>>>>> http://footprints.uvm.edu/ashelp.html
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>
>>> Andrew Hendrickson
>>> CAS, IT Administrator
>>> UVM, College of Arts & Sciences
>>> 438 College Street #402
>>> Burlington, VT
>>> 05405
>>>
>>> 802-656-7971
>>> 802-656-4529 (fax)
>>>
>>> [log in to unmask]
>>>
>>> To submit a request for service please use:
>>> http://footprints.uvm.edu/ashelp.html
>
>Andrew Hendrickson
>CAS, IT Administrator
>UVM, College of Arts & Sciences
>438 College Street #402
>Burlington, VT
>05405
>
>802-656-7971
>802-656-4529 (fax)
>
>[log in to unmask]
>
>To submit a request for service please use:
>http://footprints.uvm.edu/ashelp.html