Ali Akbar 0 Posted August 29, 2018 Share Posted August 29, 2018 I'm trying to install ESET Endpoint Security v7 in one of my client PC. The error that i keep getting is "ESET' service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services" Windows OS : Window 7 Professional Action taken so far, uninstall ESET Product (v6, Product + Agent ) using ESET Uninstaller) ,I alse have tried to install v5 and v6 as well still getting same error. What is the solution for this ?Kindly anyone please help Attach together the logs from procmon, install log. install.log setupapi.app.log setupapi.dev.log Logfile.rar Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted August 29, 2018 Administrators Share Posted August 29, 2018 We'll need ELC logs from the machine. Something is causing ekrn to take too long to start until it times out. Link to comment Share on other sites More sharing options...
Ali Akbar 0 Posted August 30, 2018 Author Share Posted August 30, 2018 Hi Marcos, Please find attached file for ESET Log Collector logs and also logs from ESET SysInspector SysInspector-FARMASI-NURMAIS-180830-085017.zip ELC_logs.zip Link to comment Share on other sites More sharing options...
Ali Akbar 0 Posted August 31, 2018 Author Share Posted August 31, 2018 Hi @Marcos Any update on this ? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted August 31, 2018 Administrators Share Posted August 31, 2018 You have a rootkit in the system. In safe mode, delete the files c:\windows\system32\drivers\winmon.sys and c:\windows\system32\drivers\winmonfs.sys. If necessary, boot from a clean medium (e.g. ESET SysRescue) first. Link to comment Share on other sites More sharing options...
Ali Akbar 0 Posted September 6, 2018 Author Share Posted September 6, 2018 Hi @Marcos I've tried the solution given by you but still failed to installed it. Kindly please advise . Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted September 6, 2018 Administrators Share Posted September 6, 2018 Please provide fresh ELC logs so that I can make sure the drivers are no longer loaded. Beforehand I'd suggest running the ESET Uninstall tool in safe mode and trying to install Endpoint v7 from scratch. Should the problem persist, also create a Procmon log from installation. Link to comment Share on other sites More sharing options...
Recommended Posts