Jump to content

Norm@Home

Members
  • Posts

    55
  • Joined

  • Last visited

Posts posted by Norm@Home

  1. On 1/21/2023 at 3:24 PM, peteyt said:

    The requester mentioned he gets this if he uninstalls as well.

    I think doing an uninstall in safe mode might be the best option as it could be a borked installation 

    I'll give it a try but Eset has been installed and working for years when this problem started, my biggest concern it what I mentioned above. Suppose this problem represents Malware or virus activity despite the scans coming back negative, I remove Eset and then can't reinstall because I'm still getting this message that leaves me with a virus infected computer with no anti-virus software.

  2. 23 hours ago, itman said:

    Per this referenced Eset knowledge base article, did you run the Eset uninstaller tool in Win 10 Safe mode?

    Also, have you password protected the Eset GUI?

    No not yet, I wanted to see if there was first a way to repair this first and I usually associate this kind of error with malware activity. Btw I've run Malwarebytes and the Eset online scan and haven't turned up anything.

  3. 20 hours ago, peteyt said:

    I noticed he is also getting the error if he uninstalls instead of repairs but unsure if this is eset related as it mentions policy

    That's the thing I don't understand, I used GPEdit to check the policy key that controls that User Installations Disabled and it wasn't configured and I set it to disabled anyway and it made no difference.

  4. 16 hours ago, peteyt said:

    Are you able to instal anything else? That would confirm if the issue is correct or possibly hint at an incorrect error.

    If it is true then it sounds like there is a general issue with windows on the machine 

    I tried installing Notepad++ and I had no problem so whatever the issue is it's restricted to Eset fyi Windows 10 22H2 build 19045.2486 so how can I determine what the actual problem is and fix this?

  5. 5 hours ago, LesRMed said:

    You might try this and then reinstall from scratch. https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool. Keep running it until it comes up clean.

    I've had to do that in a couple cases over the last couple years but what worries me is the "User installations are disabled via policy on the machine" because I could end up not being able to reinstall because of that and I have to fix that first. Also if I fix that then a normal repair installation should work and not be blocked.

  6. I have a computer running Windows 10 Home that had an installation of Eset Internet Security probably version 16.x that is a general use office computer. I was going to do regular maintenance on this computer when I noticed that there was no tray icon for Eset and so I went to Control Panel / Programs and Features and attempted to do a repair install of the software. Any attempt to repair or uninstall the software results in this message "User installations are disabled via policy on the machine" however this computer is not part of a domain and group policy is not in use on it. I searched with Google and there are plenty of instances of people reporting this problem but none of the solutions provided seem to work, I used the stand alone log collector to get the logs and they are attached. How can I fix this and get Eset working again?

    20230117_Charlene Eset.jpg

    eis_logs.zip

  7. 18 minutes ago, tommy456 said:

    You may need to  download & run the ESET uninstaller tool in SAFE mode, to clean the previous installation of ESET 1st, if you haven't already done this  https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool

    As I said in my original post "When I booted into safemode and used the Eset uninstaller after that the browsers would again open normally" so I did that and it made no difference.

  8. I've got an HP Elitebook that had Eset Internet Security on it that suddenly had some kind of serious problem, I wasn't sure if it was virus or malware but both the Eset online Scanner (because the Eset GUI wouldn't open) and Malwarebytes scans came back clean. The problem was that no browser on the computer, neither Edge, Chrome or Firefox would open and if I tried to open them taskmgr would show a running process but the program window would never open. When I booted into safemode and used the Eset uninstaller after that the browsers would again open normally. I tried doing a selective startup with only Microsoft services and tried to reinstall again with the same results, the install gets to 99% and never finishes. Computer runs Windows 10 version 21H2 build 19044.1586 x64. Any ideas how to fix this?

     

    Eset Hung.JPG

  9. On 12/8/2019 at 8:56 AM, itman said:

    Review this: https://support.eset.com/en/identical-ip-addresses-detected-in-network .

    My best guess is the network adapter installed in this notebook is not assigning a unique IP address to the web camera for some reason.

    I suspect this Eset alert is an IDS one. You might have to create an IDS exception in Eset for this.

    Re "My best guess is the network adapter installed in this notebook is not assigning a unique IP address to the web camera for some reason." first off this is not a web cam installed in the notebook but a standalone security camera and the notebook does not assign it an ip address, the DHCP server on my Windows Server 2016 does all DHCP assignments.

    I looked at this a little and perhaps at the time I had it hooked up by Ethernet and wireless and they both took the same ip, I had to connect it by Ethernet in order to program the wireless so that may explain the duplicate ip address warning. So my question still is was this warning message due solely to the fact that the Ethernet & wireless adapters were using the same ip address or in addition to the dup ip address was there malicious traffic and if so what tool do I use to determine if this security camera is in some manner infected with malware or a virus? I'm attaching a picture of the camera, if you want a link to the Amazon product page let me know.

     

    SecurityCam.jpg

  10. 1 hour ago, itman said:

    Post a screen shot of the Eset alert you are receiving.

    It was a notification and it popped off before I could get a screen shot of it but the log information says:

    Time;Module;Event;User
    12/7/2019 12:47:31 PM;Firewall;Network event blocked
    Duplicate IP addresses on networkA computer on the network is sending malicious traffic. This can be an attempt to attack your computer.

    Change handling of this event;SYSTEM

    While it doesn't say it in the log entry the notification did say the ip address was the address of the camera, what do you think?

  11. I've got 3/4 computers on my home network all with Eset Internet Security, less than a week ago I added a wireless security camera to my network; it's a single inexpensive unit I bought off of Amazon. When I attached it to my network and set it up I had no warnings of any kind from any of my existing computers. A friend of mine gave me a notebook computer which I upgraded the ram and put in a new hard drive and installed the latest Windows 10 from scratch, at the point I installed EIS it gave me a warning along with the IP address of the camera saying something like "malicious content being broadcast bla bla".

    What I don't get is that my other computers are all running the same latest 13.0.24 of EIS and did not give me this warning while this new install on my friends notebook did. What could be the explanation? I've read that some cameras on Amazon were loaded with malware but that was from several years ago, how can I tell if there's really a problem and if there is then is there a way to fix it or do I just take it down and complain to the seller?

  12. 4 hours ago, Marcos said:

    Please carry on as follows:
    - delete the content of "C:\ProgramData\ESET\ESET Security\Diagnostics"
    - enable operating system advanced logging in the advanced setup -> tools -> diagnostics
    - reproduce the issue with high cpu utilization by ekrn
    - disable logging
    - compress "C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl" and supply it for perusal.

    When I go to advanced setup / tools / diagnostics there's doesn't appear to be an option for "operating system advanced logging"?

    Screen Shot 02-22-19 at 05.52 PM.JPG

  13. 8 hours ago, itman said:

    My best guess is NOD32 was not completely uninstalled and remnants of it still exist. As noted in the Eset Knowledgebase article on the installer, it is sometimes necessary to run it multiple times. It may also be necessary to manually uninstall any existing Eset drivers if they exist in Windows device manager :

    https://support.eset.com/kb2289/?locale=en_US&viewlocale=en_US

    As I mentioned at the top of this thread "As TomFace suggested, I uninstalled but using the normal "Programs and features" control panel app ended with an error something like "you may not have permissions" or some such error so I had to download the Eset Uninstaller and reboot into safe mode in order to remove the original installation. After reinstalling activation did take an unusually long time, almost an hour but it did activate. I haven't rebooted yet as the program is doing it's initial scan but also update its again "Updating product" and has been for more than an hour; this is the same problem that it had originally and this update never seems to finish. Previously no matter how many reboots the "Updating product" never finished and I have no reason to expect that this time it's going to be any different." so the original NOD32 uninstalled fine and the first install of NIS was uninstalled using the Eset uninstaller in safe mode so I'm pretty sure that the original install was removed and the first install of NIS and any remnants of it were removed by the Eset uninstaller.

  14. 6 hours ago, itman said:

    Do you have issues with other software updating? How about Win Updates - do they download and install within a reasonable amount of time?

    No, this computer had no problems up until EIS was installed and the problems started right after that and btw this computer had an older version of NOD32 which expired and I uninstalled before installing EIS and there was never any problem with that.

  15. 11 hours ago, Marcos said:

    Please create a full application memory dump of ekrn when there is a cpu spike. In the advanced setup browse to Tools -> Diagnostics, make sure that full dumps are selected (if not, select that option and click ok first) and then click Create to create one.

    Also run Procmon and leave it logging operation for at least one minute. Afterwards stop logging, save the log, compress it, upload the archive and the dump to a safe location and drop me a message with download links.

    What files exactly am I supposed to send from the diagnostics folder or use the log collector again after it finishes?

  16. I'm trying to create a full application memory dump of ekrn, I followed your directions but when I clicked "Create" to create one the button has remained greyed out for more than a half hour and I'm not sure if it's completed because I would expect the button to go back to being enabled after it's finished?

    I've attached a zipped up copy of the Procmon log file.

    Logfile.zip

  17. Now I seem to be having a different problem on this computer; if need be I'll get you another set of logs but here's the problem: it appears to have finished updating as you can see in the picture of the update screen; however there are times that ekrn.exe is maxing out the cpu and making the computer so slow that it's very difficult to use - see screen shot of Resource Monitor and there's no scan taking place?

    Screen Shot 02-20-19 at 07.31 PM.JPG

    Screen Shot 02-20-19 at 07.31 PM 001.JPG

    Screen Shot 02-20-19 at 07.30 PM.JPG

  18. 14 hours ago, Marcos said:

    Is the update status stuck on "Updating product" every time you reboot the machine? According to the logs, it was connecting to update servers and downloading stuff.

    Try holding Shift and click X to close the gui and start it again. Is the update status still stuck at "Updating product" ?
    As for the performance issue, does any of the following make a difference?
    - pausing protection
    - pausing only real-time protection
    - temporarily disabling HIPS and rebooting the machine

    The status has been stuck on "Updating product" for more than 3 days and through multiple reboots and in one case it was left running for more than 5 hours overnight and it never completed. I'll try your suggestions and get back to you.

×
×
  • Create New...