Wednesday, September 8, 2010

ESET NOD32 and blocked HTTP requests

Users complaining they do not have internet access and cannot POP their email from server. Turns out network connections are fine (can ping, telnet, ftp etc) but all HTTP and SMTP requests were blocked. First thought, there is a nasty virus or malware lurking around the network. But no... turns out NOD32 (our virus and spyware protection software) was the culprit itself. In order to provide it's "Web access protection" and "Email client protection" it creates a local proxy to filter all requests. Well, somehow (yet to be determined) the proxy was hung or crashed in some way that blocked all Http and SMTP requests. For most machines, this was fixed with a simple restart of the computer, others, NOD32 had to be reinstalled.
While I dont yet have a firm solution to the problem or a determination as to what triggered it, I do know that at the time of the NOD32 issues, our central NOD32 server was very slow and nearly non-responsive. Why that would cause clients to hand, idk, but at this point, it is the only indication of a possible trigger.

I will follow up with any new solutions. Please post here if you have more info. Thanks.

We are currently running ESET NOD32 on Windows XP sp3 clients.