Everything posted by itman

  1. JS/scrinject.B is a common Eset false positive detection. We'll have to wait to see what @Marcos determines based on his review of the OP's logs.
  2. Are you logged on to Windows under the default limited admin account? If you are logged on under a standard user account, it doesn't have sufficient privileges to install Eset. Is this device part of a corporate network? If so, the system admin might have employed group policy restrictions on user devices to prohibit any software installation.
  3. If users can access endpoint security firewall settings, they can do anything they want including creating rules, profiles, you name it:
  4. There is no way to download an update per se from the Eset web site. You download the full off-line installer for the respective Eset product you are using; EIS, ESS, or NOD32. You then install that product. If an existing like product is currently installed, the installer will retain all your existing product settings but replace the existing Eset version with the new version. If the NOD32 off-line installer was downloaded and installed with EIS currently installed, I assume it would install a NOD32 version running alongside the EIS version. Or, it is possible the NOD32 installer would just uninstall EIS and then install NOD32. If this occurred, I assume all your EIS settings would be lost since there are settings not common to both products. The third possibility is the NOD32 installer would auto terminate after it detected that EIS was currently installed.
  5. Assuming different firewall profiles have been set up, the following is how to switch a firewall profile per Eset online help. The quote is from EIS, but I assume EES works the same way. The main question is if this is something you want to allow your users to do:
  6. True. But what the OP stated was somehow after an in program Internet Security update, his Eset version was changed to NOD32. No mention is made of a licensing change. How something like this could happen is a complete mystery.
  7. https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/ Bottom line - if you allow remote access to your router, you must secure it with a strong admin password.
  8. FYI in regards to anyone using Win 10 Insider builds: https://www.onmsft.com/news/kaspersky-declines-support-windows-insider-builds-windows-10 To the above, I add that just because Eset runs w/o issue on a Win 10 Insider build does not imply it is working properly. In other words, it is "user beware" in this regard.
  9. It helps very much. Eset doesn't officially support Win 10 Insider builds.
  10. Now this is a strange one. I enabled Driver Verifier to scan all drivers loaded at boot time. PC slowed to a crawl at boot time but there were zip issues with any of Eset's drivers. Now none of Eset's stub .dll drivers showed as loaded. But I believe ekrn.exe loads those into kernel space subsequent to boot time. So I am leaning toward an issue with recent Win Updates which are causing blue screens on a limited number of select Win 10 devices regardless of AV installed. Appears whatever those updates did is not "playing well" with select Eset drivers loading at boot time.
  11. I assume you mean you're using Windows Defender. As such, you want to keep "Launch of anti malware protection" enabled so the WD ELAM driver loads. With Eset uninstalled, there will be no launching of its ELAM driver at boot time.
  12. For those who have received this boot screen due to eamonm.sys, someone opened another thread that they were getting Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION from it: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception . Is this what is being displayed on your blue screen?
  13. Stop error 0xc0000428 is related to Win BOOTMGR corruption. Can be fixed manually using Fix #2 in this article: https://neosmart.net/wiki/0xc0000428/ . The question for Eset to explore is why edevmon.sys is causing it. This also might be related to recent Win 10 updates that have been causing blue screens on select devices. -EDIT- I would try the below first to see if this will allow you to boot successfully into Win 10. If this succeeds and the same blue screen occurs the next time you boot, repeat the procedure and uninstall Eset until the issue is resolved: https://www.thewindowsclub.com/digital-signature-for-this-file-couldnt-be-verified-0xc0000428
  14. FYI: https://www.techinpost.com/blue-screen-driver-corrupted-expool-windows-bsod-pc-error-issue/ . However:
  15. You are correct. This is how a standard user account works by default unless overridden by Group Policy.
  16. You can disable admin approval mode for the built-in default admin account via Group Policy: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account . Note: doing this puts you at considerable risk since no UAC alerts will be displayed. If an APT attacker drops malware abusing a Win trusted system utility that can perform hidden admin elevation, you won't be aware this has taken place. This is why security experts recommend UAC be set to its highest level versus its default level. I assume the above will also eliminate the UAC alerts being generated by Eset.
  17. Actually, you run as a limited admin and Windows prompts via UAC when full admin privileges are required. Also in Win 10, you can't log on as full admin since Microsoft removed the account on the Home versions. You can create a standard user account and log on under that. You won't get any UAC alerts since anything requiring admin privileges will be automatically blocked. This includes Eset GUI modifications.
  18. It is not advisable to download/create SysRescue media on a compromised system. Try to do so on a device known to be malware free and see if this resolves the updating issue.
  19. https://support.microsoft.com/en-us/help/310049/hyperlinks-are-not-working-in-outlook
  20. I also believe that this issue has nothing to do with eamonm.sys. It is highly unlikely that Eset's ELAM processing would refuse to load its own driver. Even if it did, eamonm.sys is not a critical OS driver. A boot-time blue screen would not occur from not loading it. Now if eamonm.sys was corrupted in some way, that could cause a boot-time blue screen. But a subsequent uninstall/reinstall of Eset should have corrected this. However if Eset uninstaller tool run in Safe mode was not deployed, it is possible the corrupted eamonm.sys driver remained in the Win driver directory. And a reinstall did not replace it since it already existed?
  21. https://support.eset.com/en/kb3509-how-do-i-use-eset-sysrescue-live-to-clean-my-computer
  22. You shouldn't in recent Eset versions installed on Win 7+ Win versions. The network adapter mini-port filter you are observing appears to be a holdover from earlier Eset versions. Current versions of Eset use the Windows Filtering Platform to monitor Internet network traffic. You should be able to uninstall the Eset network adapter as follows: https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool
  23. No. Eamsi.dll is still being loaded into select Win processes Eset monitors by this. Also, this would not cause a BSOD at boot time since the .dll injection is done subsequent to that.
  24. In regards to the original posting reference to disabling early launch anti-malware driver via boot startup option, a quick review on what it does: https://www.top-password.com/blog/disable-early-launch-anti-malware-protection-in-windows/ Since the majority of Eset ver. 13.1.16 upgraded devices have no issues in this regard, it would appear that on a few select Eset installations its ELAM driver is detecting an existing driver as malicious. The key to resolution is to find out which driver is being detected as malicious. One way to do this is to enable Win 10 boot logging as follows: https://www.windowscentral.com/how-enable-boot-log-windows-10. Reboot. Then using Notepad, print the ntbtlog.txt file located in C:\Windows. Now install Eset ver. 13.1.16. Reboot. PC should blue screen at boot time. At this time, you can either boot into Win 10 recovery environment and disable ELAM, or boot into safe boot. Then again uninstall Eset. When you do get Win 10 successfully rebooted, again print out ntbtlog.txt. Now compare the two printouts. From the bottom of the printout, work upward till you find the boot log section with entries associated with the blue screen. The last driver shown in that section will be the last driver successfully loaded. Now find that driver on the earlier ntbtlog.txt printout. The next driver listed on the earlier printout should be the driver Eset ELAM processing refused to load and aborted the Win 10 boot.
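
The boot-log comparison described in post 24, as an added example that is not part of the original posts and is not Eset or Microsoft code. It assumes the Windows 10 ntbtlog.txt layout (one section per boot, entries prefixed `BOOTLOG_LOADED` / `BOOTLOG_NOT_LOADED`); the sample logs and driver names are constructed placeholders.

```python
import re

# Assumed ntbtlog.txt layout: every boot appends a section that starts with a
# "Microsoft (R) Windows (R) Version ..." line, followed by BOOTLOG_LOADED /
# BOOTLOG_NOT_LOADED entries. On disk the file is normally UTF-16, so a real
# log would be read with open(path, encoding="utf-16").
HEADER = re.compile(r"^\s*Microsoft \(R\) Windows")
ENTRY = re.compile(r"^\s*BOOTLOG_(LOADED|NOT_LOADED)\s+(.+?)\s*$")

def loaded_per_boot(text):
    """Return one list of loaded driver paths (lower-cased) per boot section."""
    boots = []
    for line in text.splitlines():
        if HEADER.match(line):
            boots.append([])
        elif (m := ENTRY.match(line)) and m.group(1) == "LOADED":
            if not boots:
                boots.append([])  # entries before any header: treat as one boot
            boots[-1].append(m.group(2).lower())
    return boots

def suspect_driver(clean_boot, failed_boot):
    """Return (last driver loaded in the failed boot, next driver in the clean boot)."""
    if not failed_boot:
        return None, (clean_boot[0] if clean_boot else None)
    last = failed_boot[-1]
    if last not in clean_boot:
        return last, None  # load order differs, compare the two logs by hand
    nxt = clean_boot.index(last) + 1
    return last, (clean_boot[nxt] if nxt < len(clean_boot) else None)

# Constructed sample logs; the driver names are placeholders, not findings.
D = r"\SystemRoot\System32\drivers" + "\\"

def section(names):
    head = "Microsoft (R) Windows (R) Version 10.0 (Build 19041)\n 5 20 2020 09:00:00.500\n"
    return head + "".join(f"BOOTLOG_LOADED {D}{n}\n" for n in names)

BEFORE = section(["example_a.sys", "example_b.sys", "example_c.sys"])
AFTER = (BEFORE
         + section(["example_a.sys"])                    # boot that blue-screened
         + section(["example_a.sys", "example_c.sys"]))  # later recovery boot

def demo():
    clean = loaded_per_boot(BEFORE)[-1]
    failed = loaded_per_boot(AFTER)[-2]  # section chosen by reading upward from the end
    return suspect_driver(clean, failed)

if __name__ == "__main__":
    print(demo())
```

Which section belongs to the failed boot still has to be picked by reading the log from the bottom upward, as the post describes; the index `-2` here only fits the constructed sample.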