
NOD 32 seems to be causing freeze during boot



I will completely uninstall MBAM (although ESET UK only said to give it a delayed start). It would be interesting to know whether everyone experiencing this issue also has MBAM installed.

 

Regards

 

John


MBAM is now uninstalled completely. Things seemed to be going well at first, but after some 10 starts I had another failed boot. Same symptoms as before - spinning circle on desktop, icons unresponsive and had to be shut down with a hard reset. I chose to restart as normal Windows, which it did. But unfortunately this issue has always been intermittent, with and without MBAM. Unfortunately I didn't do a bootlog start on this one. The average "rate of failure" does seem to be of the order of 1 in 10 or so, which I believe others have found too. But occasionally I have had three or four fails in succession.

 

John


Hi,

 

From your posts it seems that when you are disabling startup scans everything is ok? Is that correct? Also can you check it by rebooting system many times?

 

Can you check to downgrade to V5?

I understand that you had no issues with this version? Is that correct?

 

best regards,

harry

Edited by black_harry

Sorry that the "uninstall" didn't fix it, but it's good that you uninstalled MBAM for now anyway, since now we know that you do experience the issue on & off even when MBAM is not installed, which we didn't know for sure before as it was just disabled. So we can rule out the combo ESET & MBAM as the troublemaker at the moment.

 

Well, I guess the best and only way forward is to provide ESET with logs so they can fix this for you and others that are having this issue. Though what logs you should create exactly is up to ESET to tell you. But working together with ESET on this is important to get it fixed properly, speaking from my own experience as I am doing the same thing now with another issue that I am having ;)


Hey guys !!

Just to chime in here . . .

Hopefully ESET doesn't kill me for manipulating their files . . (hey ! programmer + tinkerer) I'm sure I would get a phone call from " Andrew " if I was out of line, LOL.

 

Okay, in the interest of trying to provide a workaround, I messed with this -----> epfwwfpr.sys

First I went to HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr and tried changing the start type from 2 "AutoStart" to 4 "Disabled", but ESET repaired this on each reboot.

I then renamed the entire key by adding a tilde - (Had no effect)

I next went to %systemroot%\system32\drivers and renamed "epfwwfpr.sys" => "~epfwwfpr.sys"

After restarting, astonishingly, this was my error: [see attached pic]

Cannot provide analysis for HTTP and POP3

So I restored the file, and I'm here posting to suggest disabling HTTP checking and POP3 protocol checking from Advanced Setup:

Setup > Advanced > Web and Email > Email Client protection & Web access protection.

 

Then see if your computer still locks up on restarting like you say.

 

**** Please take Note :

With all this being said, keep in mind ESET is providing their firewall technology incorporated into the NOD32 Antivirus software, when we are not even paying or using the Security Suite.

This we should be thankful for.

 

;)

 

 

Let me know if the above helps with your lockup issue on that file.


Edited by Arakasi

Oh, another note: the attached picture is Malwarebytes Pro. This picture shows what I am almost positive is the option for HTTP protocol checking for MBAM, which would collide with ESET if both are using the Base Filtering Engine service and others together.

 

I use this software in conjunction with ESET Nod32 ver 7

 

I have never, ever, had a lockup or conflict issue while running these two concurrently !!!

 

I use Windows 7 Home x64bit

:)

 

Feel free to ask any other questions about my system.


Edited by Arakasi

Here's more.

 

I am gonna get kilt for spamming instead of putting this all together, but hey. . . . I keep running into helpful information. Please don't be mad lol.

 

This other attached pic is the description of BFE service.

With that being read, this " epfwwfpr.sys explicitly relies " on the BFE service to be running in order to work properly.

See second attached pic !!!

 

So if any of those are failing, or lagging behind during the boot process, or set to auto-delayed, or anything of this nature.

Your system is going to HANG !!!

 

:)

 

Good luck !!

 

 
 

Thanks Arakasi, that looks very helpful.  I will try your suggestion asap.

 

@ESET:

I've been experiencing failed logons for ages now.  The trouble is, they're so sporadic so generating crash dumps isn't really convenient.  However, 4 failed logons within about 3 hours this morning have really tested my patience..along with the other 4 from the previous 14 days.

 

There seems to be a lot of suggestion that MBAM and v6 of ESS/NOD32 do not play nicely together but surely the ESET developers/testing team are capable of proving this or ruling it out without the need of complete crash dumps?  It's in the interests of paying customers that a resolution is found and quickly.

 

Have ESET contacted MBAM developers for a possible resolution?  I'm sure MBAM would want to ensure that their pro version doesn't cause serious stability issues when used with another popular security program.  At the end of the day, the paying customer will eventually decide to ditch one program in order to continue using the other.  I have about 8 months subscription to ESS left and I'm just about ready to cut my losses and look for replacement anti-virus and firewall software.

 

V6 has been on the market for 9 months and the issue(s) persist.  v4.2.71 was the last 'stable' release I used.  I never had logon failures or firewall configuration errors.

 

Anyway...gonna try Arakasi's suggestion now.


No joy, I'm afraid.

 

First two reboots were fine but it was a case of third time unlucky for me.

 

EventID 7022: The ESET Service service hung on starting.

 

I don't want to discourage others from trying the same solution. I am not sure if your issue is directly related to this same service system file or not, also the first time you have posted in this thread.

ESET service (ekrn) is totally different than the BFE service or Epfwwfpr service.

 

nickster, could you paste a screen shot of the event viewer error with details of your lockup ?


The screenshot will have to wait for the next error as I've just cleared my logs out.

 

However, could there be a link with the Anti-Stealth support module: 1051 (20130822) and/or the HIPS support module: 1094 (20130822)?

 

I experienced at least 9 failed logons since those modules were updated and even though they occurred before, they were not as frequent.


Not too sure, those features are a whole new ball game.

Might be something Staff can answer for you !! Unsure of the current status of those modules and any reporting that may have been done thus far.

 

Also, if you did not purge your event logs, and only cleared them in the UI of event viewer.

I think they may still be available @ C:\Windows\System32\winevt\Logs\

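A read-only way to collect the evidence discussed in the posts above (start type and dependencies of epfwwfpr, BFE and ekrn, Event ID 7022 entries, and the last driver recorded in each logged boot), as an added PowerShell example that is not part of the thread. It assumes PowerShell 3.0 or later; the function names are hypothetical, and the boot-log parser assumes boot logging was enabled so that %SystemRoot%\ntbtlog.txt exists.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Names taken from the posts: epfwwfpr, BFE, ekrn, Event ID 7022, boot logging.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceBootConfig {
    # Reads start type, delayed-start flag and dependencies from the service key.
    param([string[]]$Name = @('epfwwfpr', 'BFE', 'ekrn'))
    foreach ($n in $Name) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$n"
        if (-not (Test-Path $key)) { Write-Warning "$n is not installed"; continue }
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Service   = $n
            Start     = if ($null -ne $p.Start) { $startTypes[[int]$p.Start] } else { 'unknown' }
            Delayed   = ($p.DelayedAutostart -eq 1)
            DependsOn = ($p.DependOnService -join ', ')
        }
    }
}

function Get-HungServiceEvent {
    # Event ID 7022 from the Service Control Manager: "The <name> service hung on starting."
    param([int]$Days = 14)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7022
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ n = 'Service'; e = { $_.Properties[0].Value } }
}

function Get-LastLoadedDriver {
    # Emits the last driver entry of every boot recorded in the boot log.
    param([string]$Path = (Join-Path $env:SystemRoot 'ntbtlog.txt'))
    if (-not (Test-Path $Path)) { Write-Warning "No boot log at $Path"; return }
    $last = $null; $boot = 0
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^(Loaded|Did not load) driver\s+(.+)$') {
            if (-not $last) { $boot++ }
            $last = $Matches[2]
        } elseif ($line.Trim() -and $last) {
            # Assumption: any other non-empty line is the header of the next boot.
            [pscustomobject]@{ Boot = $boot; LastEntry = $last }
            $last = $null
        }
    }
    if ($last) { [pscustomobject]@{ Boot = $boot; LastEntry = $last } }
}

Get-ServiceBootConfig | Format-Table -AutoSize
Get-HungServiceEvent  | Format-Table -AutoSize
Get-LastLoadedDriver  | Format-Table -AutoSize
```

The last entry of a boot that completed is simply the final driver loaded, so the useful signal is the difference between boots that hung and boots that did not.
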
Have you done a succession of windows starts with boot logging enabled (as I have done)? This revealed (for me anyway) that the ESET file  epfwwfpr.sys was the culprit - that's where the boot process "stuck" each time.

 

No, I have not tried this. Hopefully, the developers will find this useful.

 


People should not focus too much on the MBAM link. As I said earlier, I do not have real-time MBAM installed, only the on-demand free scanner.

 

I do, however, use Outpost Pro Firewall which, ironically, removed realtime malware protection in their most recent releases. Outpost Pro Firewall identifies Nod32 for compatibility during OPF installation; however, to keep OPF's Web Content Blocker working with Nod32, I have to manually edit OPF's INI file. However, I have been running this config for years without problem. Only now with my Lenovo, Windows 7, latest Nod32 have I been encountering this problem.

 

FYI since my last post, I've had no freezes but around half a dozen pauses while Nod decides whether or not to show its splash screen.

 

  • 2 weeks later...
  • ESET Insiders

Sorry for the late reply. I have not had internet for two weeks because my ISP is incompetent at providing internet access to its customers. My internet is always going out for long periods of time, and they have always been at fault each time.

I restored my Laptop to its factory state. Then I installed all Windows updates, and updated all drivers available from Sony. My Laptop still hangs right before or right after the desktop loads about 50% of the time. The only other realtime security application I have installed is Appguard, and I use Shadow defender on-demand. I completely uninstalled Appguard, and Windows still hangs when the desktop loads. As soon as I uninstall NOD 32 I have no more failed boots or problems with Windows hanging. I have tried to get Windows to hang since uninstalling NOD 32 2 days ago, and Windows no longer will hang.

Since I'm sure now that NOD 32 is causing Windows to hang, I need support to assist me with using the hotkeys so I can force Windows to BSOD, and create a full memory dump once Windows hangs. I have tried several different hot key combinations that I read about on the internet as being the most often used to force a BSOD, but none of them are working. I have been unable to force Windows to dump its memory. I always end up having to do a hard shutdown by holding the power button in. I'm using a Sony VAIO Laptop model VPCEB46FX. I already have Windows configured to create a kernel memory dump. Is there something I need to change in the registry to enable using the hotkeys to force a BSOD? Is there some way to find out which hot keys a specific computer is using to force a full memory dump? I have tried all of those I know about, but I have had no luck.

Edited by cutting_edgetech
  • ESET Insiders

If I run Process Monitor during boot to create a log of the current state of all invoked processes then could that possibly provide the info needed to see the conflict NOD 32 is having? Would Process Monitor even be able to capture the needed info once Windows hangs? Here is an article describing how I intend to use Process Monitor. hxxp://www.msigeek.com/6231/how-to-enable-system-boot-time-logging-using-process-monitor-tool

Edited by cutting_edgetech
  • Administrators

If Windows hangs, it's necessary to create a kernel (or better a complete) memory dump and convey it to ESET for analysis. For instructions on how to configure Windows to generate complete or kernel memory dumps, refer to this KB article. It also contains instructions for forcing a crash manually. Alternative links with instructions are as follows:

hxxp://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx

hxxp://pcsupport.about.com/od/tipstricks/ht/makebsodxp.htm

  • ESET Insiders

Thanks Marcos! I will roll back my Laptop now to the image that has NOD 32 installed on it. I've been using a different AV for the past 5 days because I cannot use NOD 32 until this is resolved. I kinda figured there must be something in the registry that had to be edited to enable the hot key function. I will try it now.

  • ESET Insiders

Swex, thanks for letting me know it worked for you! Are you still having problems with Windows hanging during boot as well? I've been having this problem for a long time, but it has gotten much worse recently. I thought it was other security products causing it until now. I uninstalled all other security products except for NOD 32, and Shadow Defender. Windows still continued to hang during boot. I uninstalled NOD 32, and used my Laptop for 3 days without it. I never had a single problem with Windows hanging. Now I have been using another AV for the past 5 days, and Windows does not hang anymore. It was definitely NOD 32 causing the problem.

Edited by cutting_edgetech
  • ESET Insiders

I have added the registry key to allow forcing Windows to perform a complete memory dump by using the hotkeys. The only option given to me is to choose a Small Memory Dump, or Kernel Memory Dump. I am using Windows 7 x64 with 4 GB of RAM. Do I need to do something with the page file? Why am I not being given an option for a complete memory dump?

  • ESET Insiders

I found the offending registry key that was making Windows only offer a Small Memory Dump, and Kernel Memory Dump. If anyone else runs into this issue then here is the registry fix to make Windows Vista, and Windows 7 also offer a Complete Memory Dump. hxxp://famellee.wordpress.com/2011/06/16/the-missing-full-memory-dump-option-in-windows-7/

Edited by cutting_edgetech

Hi, no I don't have a problem with Windows hanging, but another problem with an Svchost.exe process starting to use 99% CPU whenever it likes, which could be connected to the V7 BETA and that's why ESET requested a full mem dump from me. :)

Great to see you found a solution to your issue where you couldn't set it to create a full mem dump.

Edited by SweX
  • ESET Insiders

I'm not having any luck. I was able to make all the registry changes as directed, but I'm still unable to make Windows dump its memory with the hotkeys. Nothing happens at all when I hold down the rightmost Alt key, and press Scroll Lock twice in a row. Num Lock and Scroll Lock are the same key on my Laptop. Maybe I should define a different key combo to initiate the memory dump. Does anyone have any advice?

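A read-only check of the settings the memory-dump posts above revolve around (dump type, page file size against RAM, and the keyboard crash values), as an added PowerShell example that is not part of the thread. It assumes PowerShell 3.0 or later; the function names are hypothetical, and the registry value names are the ones Microsoft documents for forcing a crash from the keyboard.

```powershell
# Added example, not from the thread. Read-only: reports settings, changes nothing.
$svc       = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small' }

function Get-RegValue {
    # Returns $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($p -and $p.PSObject.Properties[$Name]) { $p.$Name }
}

function Get-CrashDumpReadiness {
    $type = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' 'CrashDumpEnabled'
    $typeName = if ($null -eq $type) {
        'not set'
    } elseif ($dumpTypes.ContainsKey([int]$type)) {
        $dumpTypes[[int]$type]
    } else {
        "other ($type)"
    }

    # A complete dump is written through the page file on the boot volume,
    # which therefore has to hold all physical RAM plus 1 MB.
    $ramMB  = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $pageMB = (Get-CimInstance Win32_PageFileUsage |
               Where-Object { $_.Name -like "$env:SystemDrive*" } |
               Measure-Object -Property AllocatedBaseSize -Sum).Sum

    # CrashOnCtrlScroll = 1 arms the documented sequence: hold the rightmost
    # Ctrl key and press Scroll Lock twice. i8042prt covers PS/2 keyboards
    # (typical for built-in laptop keyboards), kbdhid covers USB keyboards.
    $drivers = foreach ($d in 'i8042prt', 'kbdhid') {
        [pscustomobject]@{
            Driver            = $d
            CrashOnCtrlScroll = (Get-RegValue "$svc\$d\Parameters" 'CrashOnCtrlScroll') -eq 1
            # Optional alternate key sequence, read from the crashdump subkey.
            Dump1Keys         = Get-RegValue "$svc\$d\crashdump" 'Dump1Keys'
            Dump2Key          = Get-RegValue "$svc\$d\crashdump" 'Dump2Key'
        }
    }

    [pscustomobject]@{
        DumpType         = $typeName
        RamMB            = $ramMB
        BootPageFileMB   = $pageMB
        PageFileHoldsRam = ($pageMB -ge ($ramMB + 1))
        KeyboardDrivers  = $drivers
    }
}

$report = Get-CrashDumpReadiness
$report | Format-List DumpType, RamMB, BootPageFileMB, PageFileHoldsRam
$report.KeyboardDrivers | Format-Table -AutoSize
```

Changes to any of these values take effect only after a restart, so run the check again after rebooting.
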
  • ESET Insiders

 


I hope they discover the problem. 99% is a crazy amount of CPU! Does it happen shortly after booting or does it seem to be totally random? Do you think the start up scan could be causing it?

Edited by cutting_edgetech
This topic is now closed to further replies.