Jump to content

Major security issue and update settings not honouring config.


Recommended Posts

Posted

So on my win7 desktop running nod32 av v8 I have updates set to auto install definitions, but the program updates set to ask before downloading program components.

 

To my horror a couple of weeks ago my pc was left idle overnight, when 'i woke up and started using it, nod32 was stuck updating itself in a failed state., the real time protection was disabled during this time.

 

So

 

1 - why did the AV update itself automatically ignoring how I configured it?

2 - Is this poor design to disable itself until human interaction?

 

The error was it couldnt update the nod32 service, due to the fact I had process monitor running (when process monitor is running services cannot be uninstalled/replaced).

  • ESET Moderators
Posted

Hello,

We have tested so-called micro PCU (program component update) when the version updates without the user's intervention, but only with v9 beta, not on v8.

Additionally, the update will install only after the PC is restarted, not while it is running.

 

What did the window say? Was it an update of the NOD32 Antivirus itself?

Posted (edited)

yes the installer was running and stuck on a prompt saying it could not remove the old eset service.

 

I had no eset icon in the system tray whilst it was stuck in this state.

 

After I closed process explorer I was able to finish the installation.

Edited by chrcoluk
  • ESET Moderators
Posted

Up to version 8 (including), there was no mechanism that would launch the installation without user's explicit consent.

Offered updates were either on-demand (after clicking check for updates), or promoted by a pop-up window, but in either case, the user had to first click and agree with the upgrade.

Posted (edited)

Also I should mention after the update, the program components option changed itself to update automatically, every single other setting was preserved, only that one setting changed.

 

If you guys are saying what I experienced isnt possible, I wonder now if I have some malware pretending to be nod32, hmmm.  So I might uninstall and reinstall from the installer of the website.

Edited by chrcoluk
  • ESET Moderators
Posted

I find that improbable, but you can always check the digital signature of the ekrn.exe file in our Program Files folder.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...