Posts posted by Corso

  1. Event ID 5038  Security-Auditing


    I upgraded to the latest version 13.1.16.0 and I get Event ID 5038 Security-Auditing in the Event log.
    I first uninstalled the old version of ESET Internet Security and installed this latest version.
    There are no problems with my disks. I have tested them thoroughly. Everything seems to work just fine.

    I get this every time I start my computer now after the upgrade.
    How do I fix this error and what is it about?


    Windows 10 Pro x64 18363.752 version 1909
    ESET Internet Security 13.1.16.0

     

    Event ID 5038 Security-Auditing


    Code Integrity has determined that the image hash for a file is invalid. The file may have been damaged by an unauthorized change or it may indicate a failure on the disk drive.

    File Name: \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll


    - System

       - Provider

        [Name] Microsoft-Windows-Security-Auditing
        [Guid] {54849625-5478-4994-a5ba-3e3b0328c30d}
     
        EventID 5038
     
        Version 0
     
        Level 0
     
        Task 12290
     
        Opcode 0
     
        Keywords 0x8010000000000000
     
       - TimeCreated

        [SystemTime] 2020-03-25T12:53:17.121712100Z
     
        EventRecordID 285207
     
        Correlation
     
       - Execution

        [ProcessID] 4
        [ThreadID] 460
     
        Channel Security
     
        Computer
     
        Security

     

    - EventData

       param1 \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll

     

  2. On 2018-04-28 at 8:24 PM, Marcos said:

    It was addressed about a week ago in HIPS module 1317 which is currently available on pre-release update servers.

    Have just installed it and no, it's not fixed with module 1317 installed with pre-release v 11.154.0. Same error in event log.

    After a couple of reboots the error has changed to another error instead:

    The application-specific permission settings do not provide Local permission Launch for the COM server application with the CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
      and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
      to the user C \ A SID (S-1-5-21-3952601726-1600335574-1119794870-1001) from the LocalHost (with LRPC) address running in the program container Not Available SID (Not Available). You can change the security permissions using the Component Services Administration Utility.

     

    I have Windows 10 pro x64 1803 17134.1

    Detection Engine: 17312P (20180501)
    Rapid Response module: 12034 (20180501)
    Update module: 1014 (20180123)
    Antivirus and antispyware scanner module: 1538.1 (20180426)
    Advanced heuristics module: 1187 (20180328)
    Archive support module: 1273 (20180309)
    Cleaner module: 1157 (20180319)
    Anti-Stealth support module: 1131 (20180424)
    Firewall module: 1374.1 (20180410)
    ESET SysInspector module: 1271 (20180305)
    Translation support module: 1678 (20180410)
    HIPS support module: 1317 (20180417)
    Internet protection module: 1331 (20180409)
    Web content filter module: 1058 (20170406)
    Advanced antispam module: 7262P (20180501)
    Database module: 1097 (20180320)
    Configuration module (33): 1659.4 (20180412)
    LiveGrid communication module: 1045 (20180410)
    Specialized cleaner module: 1012 (20160405)
    Banking & payment protection module: 1128 (20180413)
    Rootkit detection and cleaning module: 1019 (20170825)
    Network protection module: 1648P (20180430)
    Router vulnerability scanner module: 1046 (20180314)
    Script scanner module: 1037 (20180417)
    Connected Home Network module: 1019.1 (20180220)
    Cryptographic protocol support module: 1027 (20180404)

  3. 1 hour ago, Marcos said:

    I've double checked and HIPS 1317 is indeed on pre-release update servers. Also users in the linked topic confirmed that the new HIPS module resolved the issue.

    As I said, I didn't get that HIPS update 1317 with pre-release on, with 11.1.54 earlier today. Maybe it does right now, but it doesn't matter anymore; I'll stick with 11.0.159 for now.

  4. 55 minutes ago, Marcos said:

    Did you try switching to pre-release updates? Please read my last post at

    .

    There are so many threads people link to here. It gets confusing. Mine about this issue were closed.

    I'm back at 11.0.159.9, but I did try pre-release too in the latest v11.1.54, and the latest HIPS available that I got downloaded was 1315 and not 1317.

  5. On 2018-03-22 at 1:33 PM, Marcos said:

    Update to v11.1.42 is not currently available. We will resume upgrade to the new version next week.

    How do I stop the new PCU update to the new version when you do resume the PCU update?

    Can't find any settings for that in advanced settings in EIS.

    I don't wanna be forced to update when that version had problems, and my current version is working great now (11.0.159.9).

  6. 5 hours ago, Marcos said:

    Do you have any issue with protection modules because of the error? Does temporarily disabling Self-defense and rebooting the machine make the issue go away? If not, does temporarily uninstalling ESET make a difference?

    This version feels a bit sluggish compared to earlier versions, but seems to work as expected.

    How do I temporarily disable Self-defense?

    In advanced settings? Or just disable in the GUI?

    When EIS is uninstalled, there's no error.

     

    Is there a way to make the error go away in the event log then?

     

  7. Latest version of EIS 11.1.42.0 shows an error in the event log with: ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

    on every boot. No former versions have ever done that. I have clean installed v 11.1.42.0 from scratch and used the uninstall tool in safe mode several times.

    How to fix?

     

    Windows 10 Pro x64 1709 16299.309 (all up to date)

    EIS v11.1.42.0

    Detection Engine: 17084 (20180319)
    Rapid Response module: 11793 (20180319)
    Update module: 1014 (20180123)
    Antivirus and antispyware scanner module: 1535 (20180202)
    Advanced heuristics module: 1184.1 (20171212)
    Archive support module: 1272 (20180122)
    Cleaner module: 1154 (20180222)
    Anti-Stealth support module: 1128 (20180316)
    Firewall module: 1373.1 (20180103)
    ESET SysInspector module: 1270 (20170808)
    Translation support module: 1672 (20180309)
    HIPS support module: 1313 (20180227)
    Internet protection module: 1328 (20180226)
    Web content filter module: 1058 (20170406)
    Advanced antispam module: 7064 (20180319)
    Database module: 1096 (20180202)
    Configuration module (33): 1659.1 (20180315)
    LiveGrid communication module: 1043 (20180205)
    Specialized cleaner module: 1012 (20160405)
    Banking & payment protection module: 1126 (20180309)
    Rootkit detection and cleaning module: 1019 (20170825)
    Network protection module: 1628 (20180319)
    Router vulnerability scanner module: 1045 (20180131)
    Script scanner module: 1033 (20180228)
    Connected Home Network module: 1019.1 (20180220)
    Cryptographic protocol support module: 1025 (20171106)

     

  8. It came back again on my computer now. Same thing again. My internet connection works, but sometimes this forum is gone, nothing shows in the browser. Sure this is not some problem with ESET's server? Otherwise my internet connection works fine to browse around the net. This message never happened on earlier versions v7, 8, 9, and 10 of ESET.

    Detection Engine: 16315 (20171027)
    Rapid Response module: 10983 (20171027)
    Update module: 1010 (20170621)
    Antivirus and antispyware scanner module: 1531.2 (20171024)
    Advanced heuristics module: 1180 (20170914)
    Archive support module: 1269 (20170913)
    Cleaner module: 1149 (20171023)
    Anti-Stealth support module: 1117 (20171011)
    Firewall module: 1371 (20171013)
    ESET SysInspector module: 1270 (20170808)
    Translation support module: 1637 (20171016)
    HIPS support module: 1301 (20171016)
    Internet protection module: 1318 (20171002)
    Web content filter module: 1058 (20170406)
    Advanced antispam module: 6355 (20171027)
    Database module: 1093 (20170725)
    Configuration module (33): 1565 (20170919)
    LiveGrid communication module: 1022 (20160401)
    Specialized cleaner module: 1012 (20160405)
    Banking & payment protection module: 1114 (20171018)
    Rootkit detection and cleaning module: 1019 (20170825)
    Network protection module: 1560 (20171026)
    Router vulnerability scanner module: 1041 (20170925)
    Script scanner module: 1024 (20171019)
    Connected Home Network module: 1017.1 (20171018)
    Cryptographic protocol support module: 1022 (20170921)

  9. 5 hours ago, cyberhash said:

    I also have the EVENT ID 64 certificate problem showing in Event Viewer. I have checked this using MMC from cmd prompt and using the certificate snap-in to check it. It appears to be an expiring certificate today 26/10/17, for an Xbox Live certificate, and I imagine that will be auto updated by Microsoft via the Xbox app (win update/store) at some point without any user intervention. This won't be causing the issues with your LiveGrid though.

    If you are still having problems with connections to LiveGrid, maybe temporarily pausing the realtime protection in Malwarebytes to see if that will cure the problem?




     


    Aha, Xbox... thank you very much for the info! That makes sense, since I installed the Xbox app some days ago.

    Using MMC from cmd prompt and using the certificate snap-in. Ok, I see. Good tip! If it doesn't get auto updated I'll try that.

     

    I did purge ESET and reinstalled it. There was a strange error when I uninstalled it and used the ESET uninstaller tool in safe mode; that also got the same errors, some keys it couldn't delete, so I ran regedit with TrustedInstaller privilege instead, and managed that way to delete those stuck keys that the ESET uninstaller tool couldn't. Reinstalled ESET 11 today and it has been running fine since then. Hopefully it will continue to run fine. Maybe it was those keys in the registry causing the problem with LiveGrid.

    Thank you very much, Cyberhash, for your help. Much appreciated.

  10. 12 hours ago, Marcos said:

    Is the CloudCar test file detected upon download as "Suspicious object"?

    Yes, it is detected. I have just purged ESET and reinstalled it from Clean slate now.

    It's been a couple of minutes now and have rebooted so, so far so good. Have to see now how it works out.

     

    8 hours ago, cyberhash said:

    @Corso
    Reason I asked was to see if you had any third party application that was interfering with your ESET product communicating properly with LiveGrid when your system boots.

    The first address 46.4234.125.89 resolves to superhosting.cz and the second goes to nfoservers.com.

    Maybe both related to a game that you have been playing online?

    You don't have any other security or game app installed that could be blocking its access?
    Like the apps you can use to filter games like CSGO from connecting to servers from certain countries?

    Plus checking the troubleshooting wizard again, immediately after booting and not running any apps, might help :)

     

     

     

    Thanks for the info! Good to know.

    Yes, I play some games online :)

    I just have Malwarebytes installed as premium. It's not been any problem in any earlier ESET versions though.

    I do have one other fishy problem in the event log I never had before:

    EVENT ID 64 CertificateServicesClient-AutoEnrollment

    "The certificate of local system account with the thumbprint d4 de d7 6e 92 de cf 20 b7 and 79 57 0f 93 2a 14 04 19 8c ae has expired or will expire soon."

    Some certificate problem. Have no idea how to fix that, and if that could be the reason with ESET?

    ____________________________

    My info:

    Windows 10 Pro x64 version 1709 build 16299.19 (Official non-insider)

    Eset Internet Security 11.0.144.0

  11. Thanks for the reply and help, appreciate it!

    Yes, I have no idea what these are, there are three:

    NT Kernel & system remote address 46.234.125.89

    prague-ping-1-cdn77.com
    46.234.125.89

    Communication denied by rule Block ICMP communication

    Unknown device
    74.91.116.215
    Packet blocked by active defense (IDS)

    ---------------------------------------------------------------------

    Could these be something causing it?

     

     

  12. In the new version of Internet Security 11.0.144.0 I get this message in the main GUI, saying "the eset live grid servers cannot be reached"

    and "ESET Live grid is not accessible"

    There's yellow around the main gui as well, but there's nothing i can do in the GUI.

    How do i fix this?

     

    Never ever had this in all the former versions of EIS.

     

    Haven't changed anything specific in the settings.

    Everything else seems to work fine, but this message won't go away.

     

  13. 14 minutes ago, Marcos said:

    This option will be brought back in v10.2. To put it right, I didn't mean to discourage you from upgrading to 10.1 or newer versions; it's important to always use the latest version for good reasons. Only in case you often use the function for temporarily pausing protection from the tray icon menu, you might not want to hurry with upgrade to 10.1.

    I understand it's always important to use the very latest version, so I always do that. In the latest version to date, 10.1.204, the tray option is gone. That's why I hope it will be back again soon. But as you say it will be in v10.2. Thanks for the info!