Virus Signature Database Updates 5417 – 5418 Error Brief

Next story

Virus Signature Database Update 5417 and 5418 of ESET Security products NOD32 and Smart Security may have caused an "ekrn.exe" error. The update 5417 was released on September 2, 2010 at 10:23 CET (08:23 GMT) and was made to enhance a part of the scanning engine that deals with script malware. This error has in some cases caused “ekrn” crashing, systems not responding and threat notifications with blank name fields.

ESET has responded immediately to resolve the issue, releasing a corrected Virus Signature Database update 5419 at 16:33 CET (14:33 GMT).  In most cases, updating your ESET security product and restarting your PC will resolve any issues you are experiencing as a result of this error.


ESET apologizes for any inconvenience the above-mentioned error caused our customers and would like to assure our clients that ESET Technical Support Division is working 24/7 to find the best way to address any problems our customers are facing.


If you continue to experience problems after completing all the steps described in this document, please click here to contact ESET Customer Care or call ESET’s Support Service.


We are constantly updating our Main KB article regarding this issue: http://kb.eset.com/esetkb/index?page=content&id=NEWS101

What has happened and ESET’s Emergency Response Plan:

  • On September 2nd at 10:23 CET, ESET released the Virus Signature Database Update version 5417. This version contained a bug which could potentially cause an error during the update process – however this bug did not manifest itself until later in the day.
  • On September 2nd at 14:36 CET, ESET released the Virus Signature Database Update version 5418. This version contained the same bug as version 5417 and this update triggered the error described in our KB article. As soon as we found out about this issue, we immediately deployed our Emergency Response Plan, part of which was stopping ESET update servers to prevent more users becoming affected. Unfortunately, since the bug was already present in the 5417 version, this meant that there were many computers potentially prone to the error. Several symptoms of the error were reported, ranging from simple “ekrn” crash with no further troubles, to application and computer freezes or problems with network services.  ESET’s developers immediately started working on the fix.   
  • On September 2nd at 16:33 CET, ESET released the Virus Signature Database Update version 5419 which already contained the fix for the error. Unfortunately, it was not possible to prevent manifestation of the bug in cases when computers were updating from faulty versions 5417 or 5418.

How to solve the problem?

  • In most cases, updating your ESET security product to version 5419 or higher and restarting your computer will resolve any issues you are experiencing. If any problems persist after  updating and restarting your ESET security product, then restart again. If you still experience issues after restarting twice, uninstall and reinstall your ESET security product. As of now we have multiple reports that version 5419 and later (after restart) is stable and that no further issues or symptoms appear.

Solution for Business Customers:

  • If you are using a mirror server, make sure the mirror already contains the version 5419 or later.

How did this Virus Signature Database Update get through our Quality Assurance process?

  • ESET was enhancing a part of the scanning engine that deals with script malware. These enhancements were included and released in update 5417. The code contained an error that manifests itself when memory is freed during the update process. As a consequence, ESET service process can become unstable leading to unpredictable behavior or system crash.
  • Because of the nature of the problem, the erroneous behavior was observed only after update 5418 was released. Immediately after the problem was identified, emergency rescue plan was initiated.
  • ESET Quality Assurance process contains procedures before each update is released. In case any changes to the engine code are made, the procedure is a lengthy and complex process. In this case, the procedure did not reveal the problem because it involved  updating to the next version (non-existent at the time of testing) and this scenario was not fully covered.

What is ESET going to do to prevent a repeat of this situation?

  • We will undergo an audit of its Quality Assurance process.
  • We will elaborate on the procedure used when adjusting the code and we will carry out simulations of updates to new versions.
  • We will employ to a greater extent the use of our pre-release servers, subjecting updates to extensive testing with several update phases.