Jump to content

HIPS disabled after NOD32 update


Samoréen
 Share

Recommended Posts

Hi,

I'm re-posting this issue with a title change since this problem is not version specific. It appeared with version 9.0.402 and is still there in version 10.1.204.0. It seems to be Windows 10 specific.

The problem seems to appear when your TMP/TEMP variables point to a non default folder

The problem :

After updating NOD32, the program tells you that your system is not protected. HIPS is disabled.as well as many features. NOD32 becomes totally useless. This is due to some drivers that could not be installed (see below).

My temporary fix :

  1. In the ESET interface, go to Tools | Logs | Events and note which drivers have not been installed (generally eamonm.sys and/or ehdrv.sys and/or epfwwfpr.sys).
     
  2. Reboot Windows in safe mode.
     
  3. In Windows Explorer, go to C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers. Open the sub-folder corresponding to the driver that failed to install, right-click the corresponding .inf file and select Install. The driver installation should be acknowledged by Windows. Reboot only after installing all involved drivers.
     
  4. Restart the system. Everything should be OK.

Since the above mentioned drivers can be installed in safe mode (NOD32 not running) but not from an administrator account, it seems that NOD32 is shooting itself in the foot. Apparently, this is not a permission problem since only the installation of these particular drivers fails.

I didn't add C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers to the exclusion list and I don't see any good reason to do that but who knows ? Just waiting for advice about that from the support or from  the ESET reps on this forum. I didn't get much help since I reported this problem 9 months ago.

Edited by Samoréen
Diagnostic more accurate now
Link to comment
Share on other sites

  • Administrators

If you are able to reproduce it, please generate a Process Monitor log during upgrade from v9 to v10. When done, compress it, upload it to a safe location and pm me a download link.

Link to comment
Share on other sites

Hi Marcos,

I guess you mean when updating from 10.1.204.0 to the next one ?

Edited by Samoréen
Link to comment
Share on other sites

Also, what is the name of the process that I should monitor ? The MSI service ? Or merely the installer program ?

Edited by Samoréen
Link to comment
Share on other sites

  • Administrators
9 minutes ago, Samoréen said:

Also, what is the name of the process that I should monitor ? The MSI service ?

Monitor all processes, ie. don't use any filter. Upgrade should not take more than a few minutes so the generated log should be too big.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...