JozefG

ESET Staff
  • Posts

    39

About JozefG

  • Rank
    Newbie

Profile Information

  • Location
    Slovakia


  1. @waluigiguatemala Does your issue with newer versions lie within Advanced Setup?
  2. Do I understand it correctly that if Shadow Defender's Shadow Mode is not active it does work correctly? From the description of Shadow Mode it looks like it may prevent some things from being done correctly.
  3. They were some things that it should recognize, but due to some other things missing it failed to detect them. Glad to hear that either way your logs helped us identify some places to improve in Uninstaller.
  4. Which version was installed? Was MalwareBytes installed alongside ESET or afterwards? According to Windows event logs, MSI found multiple installations. These events are from around the same time.

     Windows Installer installed the product. Product Name: ESET NOD32 Antivirus. Product Version: 4.0.68.0. Product Language: 1051. Manufacturer: ESET, spol s r. o.. Installation success or error status: 1603.
     Windows Installer reconfigured the product. Product Name: ESET Security. Product Version: 11.2.49.0. Product Language: 1033. Manufacturer: ESET, spol. s r.o.. Reconfiguration success or error status: 1603.
  5. @Prayer1 Which version of ESET product do you have installed? Are you asking about postponing ESET updates to newest product version?
  6. @SeriousHoax @itman are you having these issues with Security Center integration module 1029? If so please provide logs.
  7. Yesterday a new Security Center integration module, 1029, was released to the pre-release channel. Can you try this module and see if it fixes your issue? Some timing-related issues combined with possible long initialization inside WSC were fixed. There might be a slight chance of Defender starting even with all these fixes, caused by long initialization in WSC itself.
  8. @itman @VanBuran would you be interested in testing a module that should hopefully fix this issue?
  9. Not this again. You say both are working correctly; I see Defender being the active one according to logs, which means both realtime protections are running. From our logs I can see that once the wscsvc is running we try to update AV state to On and we get E_PENDING results from the AV API. After that we find out, through the WSC public API, that we are unregistered(!!!), so we try to register and get E_PENDING again. Next we try to recover from that, but it seems that there is some race condition which can be fixed rather easily. But again we get an E_PENDING error for the status update. The real question is why we find ourselves unregistered after some reboots, as we definitely do not unregister unless it is needed/requested, e.g. full uninstall. A possible cause could be that WSC cannot get some data.
  10. According to logs the last attempt was correct and we should both be on. Is it like that? There is one visible report of the Off state from this morning. It seems you started logging after it happened. Off is usually tied to disabling of RTFS in advanced setup, or if the license is expired and there is an outdated detection engine. Please turn on this logging and try to reproduce it; after it is reproduced, turn it off and collect via LogCollector.
  11. @davidovitch Note that the Windows Security Center service is a delayed-start service. Until it starts we cannot report anything, as there would be a bunch of errors. Can you please share a screenshot of such an alert?
  12. @jfksdt45245 Please, if you are able to reproduce the issue, continue according to @Marcos' response. Those logs could tell us closely what is happening. Also, that registry key should not be an issue as we use a dedicated private Windows API.
  13. TLDR; No. We are required by Microsoft to communicate with WSC in order to be an antimalware provider.
  14. @FRiC Can you please put the machine into a normal state and create an ETL log from boot until the issue manifests? Do you happen to have some ESMC policy sent to the application that could disable RTFS? Also it seems that you have Defender disabled via GPO (not a critical issue). Edit: please send the ELC log so I can see the event logs.
  15. @FRiC Something really weird is going on here. There are just too many ETL logs. Also, according to the Application event log:

      10/28/2020 12:28:58 PM The Windows Security Center Service has started.
      ...
      10/28/2020 12:31:30 PM The Windows Security Center Service has stopped.
      10/28/2020 12:34:38 PM The Windows Security Center Service has started.
      10/28/2020 12:34:38 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON.
      10/28/2020 12:34:40 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON.
      10/28/2020 12:43:23 PM The Windows Security Center Service has stopped.
      10/28/2020 12:47:20 PM The Windows Security Center Service has started.
      10/28/2020 12:47:21 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON.
      10/28/2020 12:47:22 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_OFF.
      10/28/2020 12:47:22 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON.
      10/28/2020 1:26:24 PM The Windows Security Center Service has started.
      10/28/2020 1:26:24 PM Updated ESET Firewall status successfully to SECURITY_PRODUCT_STATE_ON.
      10/28/2020 1:26:24 PM Updated ESET Security status successfully to SECURITY_PRODUCT_STATE_ON.

      According to the system event log, there seem to be reboots triggered:

      10/28/2020 12:25:53 PM The process C:\Windows\System32\RuntimeBroker.exe (RMP01) has initiated the restart of computer RMP01 on behalf of user RMP01\itp for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: restart Comment:
      10/28/2020 12:31:22 PM The process C:\Windows\System32\RuntimeBroker.exe (RMP01) has initiated the restart of computer RMP01 on behalf of user RMP01\itp for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: restart Comment:

      Is the machine rebooting by itself?