[13.0.24 is Disabled according to Windows 10 1909]

8 hours ago, itman said:

Are both devices running the same Win 10 version; e.g. Win 10 x(64) 1909?

Yes. but one is an ESET upgrade the other clean install of 0.24

[13.0.24 is Disabled according to Windows 10 1909]

Message change.

Still there but not as often. This is a total new install. I don't see that with my main machine with updated version.

[13.0.24 is Disabled according to Windows 10 1909]

4 hours ago, itman said:

Do you have any other security software installed other than Eset?

Also with Eset uninstalled, does WD Security Center show that WD is active?

Nope and Yes.

[13.0.24 is Disabled according to Windows 10 1909]

Hi all,

 

Created a new windows install. Added NOD32 latest version 13.0.24 (new install) and I get this message every time. BOTH ANTIVIRUS ARE DISABLED 😥

 

I uninstalled and reinstalled but to no avail.😩

[Version 12.2.30.0]

WOW, that was fast.  Message gone.

You can close this discussion.

Thanks.

 

[Version 12.2.30.0]

Hi,

Just installed a new version on a rebuilt computer.

Getting message about Live Grid

« The identification information to connect to Live Grid is not correct (translated) »

What's the issue ?

Thanks.

[update from 12.2.23 to 12.2.29]

Other error:

The Windows Security Center Service was unable to load instances of AntiVirus Product from datastore.

Also event 17 Security Center failed to validate caller with error DC040780.

[PGP Disk and NOD32]

On 8/16/2019 at 12:32 AM, Marcos said:

I see that PGPlsp.dll is registered as LSP in Winsock. Also you have Windows 10 installed where ekrn runs as a protected service by default.

We have recently found out that under unknown circumstances (probably after some Windows update), ESET gets removed from Winsock. Subsequently the system attempts to load a 3rd party dll into ekrn which obviously fails, causing Winsock initialization to fail as well.

What you can do is reinstall ESET so that it gets re-registered in Winsock.

Good call.

That's what I did initially.

Thanks.

[PGP Disk and NOD32]

Marcos,

Any idea about the problem ?

Thanks.

[PGP Disk and NOD32]

Live grid also locked out. Here is another report.

I have to go back to regular service. This is my main machine.

eav_logs_Part2.zip

[PGP Disk and NOD32]

18 hours ago, Marcos said:

try disabling protected service and rebooting the machine and see if it makes a difference.

Nope.

[PGP Disk and NOD32]

Here you go Marcos

eav_logs.zip

[PGP Disk and NOD32]

Hi all,

 

Just updated Symantec Encryption Desktop 10.4.2.MP3 (PGP Disk) on three machines. After each install I get Issues with NOD32 Antivirus. If I uninstall and reinstall NOD 32, issues go away. I'm not sure if the problem is related to PGP PGPWLD pwflt.dll.

One machine out of three updated without the problem of module updates not working.

I cleared the update cache to no avail.

Marcos, got any ideas why this is happening with this update of PGP and did not with other updates ? SEE Images

Thanks.

[Eset live grid servers cannot be reached]

System settings have not been modified or changed in the past month. Only added feature is update to Symantec Encryption Desktop_10.4.2 MP1 HF1

After that, issues started with server. Proxy settings were not touched. I uninstalled NOD 32 completely and reinstalled. So far, no messages. I did same update of Symantec Encryption Desktop_10.4.2 MP1 HF1 on another computer and same issues happened. I have another computer that was not updated and nothing has gone wrong so far. There seems to be a conflict between Symantec Encryption Desktop and NOD 32.

[Eset live grid servers cannot be reached]

Hi,

As title mentioned also for updates I get  

Could not connect to server. Just in case it might be related, I updated Symantec drive encryption software.

[Update 11.1.42 Event error ScRegSetValueExW]

On 2018-04-25 at 12:54 AM, Marcos said:

Please refer to my post above. The new version has absolutely nothing to do with the event in question and will be addressed in HIPS module 1316+. Currently module 1317 is available on pre-release update servers.

OK Marcos, so it doesn't. The new pre-release HIPS doesn't show the error. When is the release scheduled?

[Update 11.1.42 Event error ScRegSetValueExW]

Version 11.1.54.0

Same issue. ScRegSetValueExW  

[Update 11.1.42 Event error ScRegSetValueExW]

Quote

Currently 11.0.159 is the latest version. We plan to release a newer version 11.1.X soon and your ESET will update automatically then.

Go figure.

[Update 11.1.42 Event error ScRegSetValueExW]

19 hours ago, Samoréen said:

Also, note that the messages you get in the Events log are the same as those I got when I encountered this issue.

So, unfortunately, I tried your fix and it does not work.

I backed up to version 11.0.159.9 and no issues to report.

I really am fed up of wasting almost an hour every month to deal with issues concerning updates with my AV. I've been a long time user of NOD (since the days Aryeh was with the MVP program) and I remember that it wasn't the case with NOD in the beginning. At least if someone could explain the problem and the solution expected would be appreciated.

The new business attitude: ''The bigger you get the less you care.''

[Update 11.1.42 Event error ScRegSetValueExW]

Hi,

Thanks for your reply, but I'd really like Marcos give a clear answer as to what a final fix is.

[Update 11.1.42 Event error ScRegSetValueExW]

Marcos,

What's the fix?

[Update 11.1.42 Event error ScRegSetValueExW]

OK, so now we all agree it's a service and that this issue is a known problem with antivirus software.

My specialty is building machines and optimizing them. I don't have any knowledge in programming or maintenance of antivirus software.

This is one of the few software services that not only do I pay for but have to participate actively in it's maintenance.

 

Now I don't have any idea why I have this error but like I mentioned before, I pay for this service to fully protect my machine and even if I don't see any known issues with the software, it is very disconcerting knowing that it is flagging an error.

Some people don't believe in antivirus software but It gives me piece of mind when it works. Now it's not working properly.

 

Marcos, what's the fix please?

[Update 11.1.42 Event error ScRegSetValueExW]

1 hour ago, Marcos said:

Ekrnepfw is not a service but a driver. Does temporarily disabling Self-defense and rebooting the machine makes a difference? If not, what about disabling HIPS completely followed by a reboot?

So, then, what is this service?

 

[Update 11.1.42 Event error ScRegSetValueExW]

5 hours ago, Marcos said:

I'm not getting those records in the system event log after upgrade to v11.1.42.1. If you clear the ESET event log, are those errors logged again after a computer restart?

No it does not.

 

1 hour ago, itman said:

Here's what I believe is causing the ScRegSetValueExW Event 7006 Access denied event.

Eset has two services dependent upon ekrn.exe; ekrn and ekrnEpFw which is titled Eset firewall helper service.

The ekrn service is set to Automatic which means it is started up as part of the Windows boot process.

The ekrnEpFw service is set to manual which means it won't start until the service dependency i.e. ekrn.exe is started.

I believe the Windows Service Control Manager which manages all Windows services execution assumes manually started processes will occur sometime after the boot process has fully completed. For starters, it is unusual to have two services started by a non-Windows process. Microsoft designed svchost.exe to do that.

What I believe is happening is the ekrnEpFw service is trying to start up during the boot process due to ekrn.exe having begun execution. However when the ekrn service starts up, it does so as a protected process. When ekrnEpFw service starts up and due to its manual startup type, Service Control Manager is trying to write to its associated registry key. It can't do so since ekrn.exe which is running has prevented via its self-protection feature any writes to the registry key.

Things to explore. Perhaps make both services start Automatic - not sure of this one. Create a separate protected program to start ekrnEpFw service running as a child process to ekrn.exe? Additionally, both services are attempting to set ekrn.exe as a protected process which might also be the cause of the issue. Also the ekrnEpFw service has a dependency of the Base Filtering Engine service being started whereas the ekrn service has no dependancies. What needs exploring is if the ekrnEpFw service was set to Automatic but not protected and the ekrn.exe set to Manual but protected, would it change ekrn.exe to protected mode?

Unfortunately, the ekrnEpfw service is protected and can't be modified.

[Update 11.1.42 Event error ScRegSetValueExW]

Since update 11.1.42 an error in event log has started showing up.

ScRegSetValueExW Event 7006 Access denied.

After searching the web, I found that this error is often related to anti virus software. Kaspersky, AVG etc. have had this error. So my guess is that Eset must know the fix.

I haven't noticed any functional issues but an error related to my Antivirus software is not something that I take lightly.

So, Marcos, I created a specific post for this problem. Can you please explain the problem?

BTW, I used uninstaller to remove and reinstall software. Problem disappears for a few hours then returns.

 

Included, original install logs.