JozefG
ESET Staff-
Posts
65 -
Joined
-
Last visited
-
Days Won
1
JozefG last won the day on January 8
JozefG had the most liked content!
About JozefG
-
Rank
Newbie
Profile Information
-
Location
Slovakia
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Peter Randziak reacted to a post in a topic: Long black screen duration before windows login screen
-
Peter Randziak reacted to a post in a topic: Windows temp profile: user profile service failed the sign-in
-
Windows temp profile: user profile service failed the sign-in
JozefG replied to IT-user's topic in ESET Endpoint Products
Since some time ago (around Win10 RS3), windows automatically logs you in and immediately locks, so you are unlocking your PC not logging in. That could be why the hive is loaded before what you see as login. @Andrej Kuk @Jamie Reader@hack-the-planet what are the products used and their versions? -
Windows temp profile: user profile service failed the sign-in
JozefG replied to IT-user's topic in ESET Endpoint Products
Please try to switch to prerelease update channel. There is configuration module 2099.7, which should help with the issue. It is scheduled to be released on Monday. -
Glad to hear that. The 2099.7 version is scheduled for full release on Monday.
-
That is a version of operating system. But I can see that you are using 10.0 on one of the previous screenshots. That is a bit strange, we are closing the handle to those files when we get notification from system that user is logging off. It is asynchronous notification so maybe there is some race. Testers have tested that the handle is closed on log off. Can you please write down some steps for replication?
-
What version of server product are you using?
-
Are you by any chance behind a mirror? You might have to update it first. Something that I forgot to mention about the 2099.7, due to technical reasons it will work only on business products v10+.
-
Can you try to switch to prerelease update channel to get Configuration module 2099.7 and see if it helps?
-
Kstainton reacted to a post in a topic: Why was the new FDE version pulled back?
-
@mkrupa do you have by any chance a couple years old FDE policy containing proxy password and applying it together with some newly created one? If so could you try to recreate that policy from scratch and see if it helps? We noticed some issue in Agents with latest Configuration module.
-
"Browser Protection" Setting Missing from 17.0.15.0
JozefG replied to MarcFL's topic in ESET NOD32 Antivirus
Can you please share what version of Configuration Module you have? -
Tried to investigate the issue more. After checking our WSC module logs I was suspecting the read request (point no.2) to being somehow involved, as its time was very close to logged events. Using custom built 1038 without the read request issue still persists. Next I disabled startup scan as someone was mentioning it earlier in this thread. Still no luck and issue persists.
-
Windows security center service is a delayed start service by default. We have quite elaborate waiting system for that service. 1. We have a system notification registered for start of `wscsvc` service. 2. When notified by system, we try to ask via WSC API if there are some data. If it is still initializing it returns `ERROR_SERVICE_NOT_ACTIVE` 3. If that happens we register a notification to the WSC itself, to tell us when it is ready. Otherwise we start issuing requests. 4. If the initialization took more time and notification comes from WSC, we start issuing requests. Events (error) with Id 16 are expected and according to the specification from MS. If our application changes certificate, the request to update status fails with certain error. When this error occurs we are obliged to register again and then report requested status. You can see that in event log those 2 errors with Id 16 are followed by Id 15 Events (informational) that we successfully reported status. Events (errors) with Id 18 and 19, are from initialization of the `wscsvc` service itself. Actually just checking that I got those errors on my machine too on 20.11.2023, probably reboot after upgrade to new Endpoint v11. It might have been just a coincidence. Also logged 0x8007000D (should be something like `ERROR_INVALID_DATA`) is not coming from our provider requests, since the errors are followed by event with Id 1 (start of the service) and even with Id 15 (successful reports of status).