[Third party logo in EIS window]

OK, thank you. Yes, it was pre-installed on purchase.

[Third party logo in EIS window]

Hi Marcos, No. As I said, I'm trying to avoid that as the product is already installed. I just transferred it across to my licence in my ESET account. It has updated to a new version since I transferred it, but the logo persists.

Can I do an over the top install with the installer? I assumed I would have to remove EIS and reinstall if I went down that route? 

[Third party logo in EIS window]

Last year I bought a new laptop, which came with EIS pre-installed and licensed by the vendor for an initial period. When opening EIS, the window has the logo of the PC vendor in the lower left corner.

On expiration of the initial licence period, I transferred the licence to an unused seat on my own subscription, which is all good, but I thought that the vendor's logo might disappear after the licence change, yet it hasn't.

I know it's not the end of the world, but is there a way of removing the logo from the product without a complete uninstallation and reinstall? I'm guessing there must be a logo file in a folder somewhere, and perhaps a registry entry that could be removed?

[Eset Anti-Theft and Bitlocker PIN on startup]

Thanks Marcos 👍

[Eset Anti-Theft and Bitlocker PIN on startup]

Hello, I have a new laptop running W10 Pro, configured with local user accounts and bitlocker encryption enabled. Bitlocker is also configured to require a pre-boot PIN.

In the circumstances, is there any point in enabling Eset Anti-Theft? As I understand it, EAT relies on the device having booted and a thief logging in to the phantom account. But if they can't boot the machine in the first place...

[edevmon error while updating product]

I can't help except to say that I had exactly the same error messages during automatic update to EIS v13.2.18.0 today.

Everything seems to be working OK with no more error messages after a reboot.

I have edevmon.sys file version 10.15.30.0 installed in System32\drivers, but whether this is the current file version I can't say.

[v13.2.16.0 huge memory usage]

Thank you @Peter Randziak

Everything is still normal so far. If it happens again I will let you know.

[v13.2.16.0 huge memory usage]

Thanks @Peter Randziak,

So far, everything is normal since the reboot. If it happens again I'll do as you suggest, but I thought I ought to mention it in case there was an unknown issue with the new release, having found a similar post in the NOD32 AV forum.

@Marcos, files attached. Thank you.

 

AppCrash_ekrn_exe.zip

[v13.2.16.0 huge memory usage]

This is all I can find. It's from 24 hours ago and I don't know if it's relevant as according to the Eset log EIS successfully updated at 09:48 hrs today.

The application update to 13.2.16.0 was completed at 08:01 yesterday, around 7 hours before this log was created.

I have collected the files from C:\ProgramData\Microsoft\Windows\WER\ referred to below and can send them to Eset if required.

Log Name:      Application
Source:        Windows Error Reporting
Date:          01/08/2020 15:56:57
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      XXXX
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: ekrn.exe
P2: 10.15.29.0
P3: 5f196609
P4: ntdll.dll
P5: 6.3.9600.19678
P6: 5e82c88a
P7: c0000024
P8: 00000000000ecf40
P9: 
P10: 

Attached files:
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499

Analysis symbol: 
Rechecking for solution: 0
Report ID: 3da11dd7-d407-11ea-85f7-50e549b22cc4
Report Status: 131076
Hashed bucket: 
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-01T14:56:57.000000000Z" />
    <EventRecordID>305328</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HOME</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>APPCRASH</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>ekrn.exe</Data>
    <Data>10.15.29.0</Data>
    <Data>5f196609</Data>
    <Data>ntdll.dll</Data>
    <Data>6.3.9600.19678</Data>
    <Data>5e82c88a</Data>
    <Data>c0000024</Data>
    <Data>00000000000ecf40</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
C:\Windows\System32\config\systemprofile\AppData\Local\WER946A.tmp.WERInternalMetadata.xml
WERGenerationLog.txt</Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ekrn.exe_87839f69d911de32f43cbe516cfcea1a4f1c5e4b_c3d09738_cab_1a639499</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>3da11dd7-d407-11ea-85f7-50e549b22cc4</Data>
    <Data>131076</Data>
    <Data>
    </Data>
  </EventData>
</Event>

[v13.2.16.0 huge memory usage]

Rebooted. Eset has just successfully checked for and completed an update . ekrn.exe  now 125,000 KB memory in use, 0% CPU.

Will see how it goes.

[v13.2.16.0 huge memory usage]

Eset updated to v13.2.16.0 yesterday and last completed a successful definition update over 4 hours ago. Wondering why my PC has slowed to a crawl I opened Resource Monitor to find that ekrn.exe is using over 12GB of physical memory, currently 93% memory usage and still increasing. The Eset tray icon is continuously spinning and the program has been reporting "Module update in progress" for at least the last hour that I am aware of, possibly since the last update check over 4 hours ago for all I know.

I have tried clicking "Cancel Update" but it is not responding.

Current stats for ekrn.exe are

132,933 threads 18.4% CPU

Memory 12,419,948 KB

Going to try restarting my PC now...

[Error when applying differential update]

2 hours ago, Samoréen said:

Phil_S,

It would be interesting to see whether we get these notifications for the same updates. They might be triggered at a different time (or date) but they can be identified by their version number. For example, the last one that failed for me was this one

Time;Module;Event;User
08/08/2018 17:11:56;ESET Kernel;Detection Engine was successfully updated to version 17850 (20180808).;SYSTEM

The above is the success notification after 2 failed attempts.

No, as I say all updates have completed without any errors since the end of June. I'm afraid I deleted all the notifications that I has, as there have been no problems for three weeks now, and my mailbox was filling up with successful notifications due to the bug in the current version.

It is interesting though that my daughter's laptop also has an SSD.

[Error when applying differential update]

I doubt it's of any help, but since my previous post in this thread on 24th June, I had a flurry of these differential update notifications from her laptop over a period of 3 days, seemingly affecting every download attempt, but since then nothing untoward at all.

Since she has changed nothing on her laptop, I suspect some kind of external influence must have been involved.

[Error when applying differential update]

Well, my daughter appears not to have had any further reports on her laptop since first experiencing the issue in a flurry over 2 days of attempted Eset updates. She has a standard W10 laptop with a single SSD partition and a default W10 installation, so I find the discussion relating to moved swap files and temp folders a bit of a red herring, at least in her case.

@Samoreen are you still experiencing the issue? It seems to have stopped in my daughter's case, so the circumstances suggest some outside influence to me?

[Error when applying differential update]

I have just found this topic as the result of a search on error notifications that I have just started receiving from my daughter's laptop:

24/06/2018 15:29:48 - During execution of Update on the computer xxx-LAPTOP, the following event occurred: Error occurred when applying differential update to base file.

 

This has only started today, but so far I have received several notifications by email from her Eset AV. Unfortunately she is halfway around the world from me (hence the time discrepancy between the pasted notification text and my posting time) and not computer savvy, so I have no way of attempting to diagnose or obtain any logs from her machine, but I thought it worth mentioning in any case.

[Uninstalling eset Security , left PC UNBOOTABLE]

14 hours ago, Marcos said:

This is not a standard behavior and nobody else has reported an issue like this. Theoretically this could happen if edevmon.sys is removed from the disk but remains registered in the registry, e.g. when the computer is suddenly turned off or restarted before the installation / driver unregistration is completed.

I reported the same to you here on 19th March after uninstalling Eset AV 11.1.42.0 at your suggestion. I had to reinstall my system from a backup image.

 

[updated to 11.1.42.0 and settings password no longer recognised]

13 minutes ago, Marcos said:

If the uninstall completes alright, it's highly unlikely that any further BSOD or issues could be caused by ESET. Anyways, we are willing to check dumps to 100% confirm that it's unrelated.

I have nothing to check one way or another Marcos, as I've copied over the entire system from a backup. All I did though was uninstall EAV, which appeared to finish successfully, and reboot into the BSOD. The screen said that a system component was missing or unavailable, and googling 0xc0000225 seems to suggest registry corruption.

[updated to 11.1.42.0 and settings password no longer recognised]

Apparently an update should now be available to fix this. Bit late for me, as I took Marcos' advice to uninstall and re-install EAV, rebooted into a BSOD and ended up re-imaging the whole system partition from a backup

[ESET Live Grid after latest update - cannot disable, cannot enable]

Just back from uninstalling Eset AV, rebooting into BSOD 0xc0000225 and reimaging my entire partition from a backup!!!

Not the happiest I've ever been

[ESET Live Grid after latest update - cannot disable, cannot enable]

5 minutes ago, Marcos said:

The quickest and 100% working solution is to remove ESET in safe mode using the Uninstall tool and then installing it from scratch. Even if gui doesn't seem to react, the product continues to protect you from malware and update of the Configuration Engine module should fix it automatically when released.

It looks like that will mean I will lose all my settings and I can't export them first because of the password issue!

[ESET Live Grid after latest update - cannot disable, cannot enable]

30 minutes ago, Marcos said:

The new Configuration Engine is included in v11.1.4x installers which is why there's no issue with a fresh install, only with upgrade. Only users with release updates were affected because an older version of the Configuration engine was available on release update servers. Those who updated from pre-release update servers were not affected because the new CE module had been there for weeks before update to v11.1.4x.

So I've just tried to do an in place install of v11.1.42.0 full download, but it won't let me run it because it already sees the same version installed. I can't enable pre-release updates because it doesn't recognise my settings password and I can't enable LiveGrid.

I've applied for an unlock code through support but not yet had a reply and not sure if it will work given that you are saying that the configuration engine is the problem.

Please advise

[ESET Live Grid after latest update - cannot disable, cannot enable]

8 minutes ago, Marcos said:

Could you please try switching to pre-release updates in the advanced update setup to ensure that the latest Configuration Engine module is downloaded? Please let us know if that fixes the issue:

Marcos, as per my other thread, I had a settings password enabled and since this update I am also locked out of product settings because Eset is telling me that my password is incorrect, so I cannot enable pre-release updates or make any other changes whatsoever. 

[updated to 11.1.42.0 and settings password no longer recognised]

3 minutes ago, persian-boy said:

I also found the same problem but there is an easy fix for this issue just press Alt+Shift and reenter your password.

If I hold down Alt+Shift the password box doesn't accept typed characters. Tried Alt+Shift and release before typing password, also first typing password, then holding down Alt+Shift whilst clicking Enter in the dialogue box. Both methods still tell me that my password is incorrect.

I've found the Eset unlock utility via product help and am going to try that.

[updated to 11.1.42.0 and settings password no longer recognised]

Eset AV has just updated to version 11.1.42.0 - Following a reboot it is prompting me to enable LiveGrid but won't accept my settings password. It tells me that my password is wrong, so I can't accept the prompt or enter any of the AV settings to change anything

[NOD32 and Windows Update Notification]

If you do a google search for disabling Win10 update on Win 7 or similar there are numerous articles describing how to prevent Win 10 from downloading and disabling the tray notification. It involves removing three MS updates from your PC and hiding them in MS Update so that they don't download again.

 

Unfortunately MS are getting quite persistent in trying to force Win 10 and telemetry on users of older systems. I'm in that habit now of reading the published information on every update that's offered now, before deciding whether to install it.

 

One of the reasons I'm not "upgrading" to Win 10 is the lack of transparency over what updates contain and the inability of the end user to decide whether to accept them.