Jump to content

Archived

This topic is now archived and is closed to further replies.

saroot

EFS 7.0.12014.0 - MSSQL ERROR

Recommended Posts

8 hours ago, espkiller said:

the same problem here, some progress?

Unfortunately there are no news from Microsoft yet.

Share this post


Link to post
Share on other sites

Signtool cannot be used to determine if a dll is properly signed to meet requirements for protection of anti-malware services introduced by Microsoft in Windows 8.1. To our best knowledge, if a dll meets requirements can only be determined via a debugger and there's no command line tool that could be used for that.

In a debugger you'd get a message like

Quote

[\Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll]:
[\Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe] 0x7 > 0x1

******************************************************************


 

This break indicates this binary is not signed correctly: 
\Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll

and does not meet the system policy.

The binary was attempted to be loaded in the process:
 \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe

This is not a failure in CI, but a problem with the failing binary.

Please contact the binary owner for getting the binary correctly signed.

*****************************************************************

 

Share this post


Link to post
Share on other sites

So why is ESET the only AV that is failing this file's signature?

Share this post


Link to post
Share on other sites

Either the other AVs do not work as a protected service or they do not call a particular API function that causes the rll file to load.

Share this post


Link to post
Share on other sites

After updating ESET File Security 7.0, the same error started to appear here. I upgraded to 7.1.12006.0 and the error continues:

 

SQL Server Native Client 11.0: Unable to load sqlnclir11.rll due to either missing file or version mismatch. The application can not continue.

 

Environment: Windows Server 2012 R2, SQL Server 2012 SP4.

 

I read the posts and apparently it is Microsoft's problem, although in Google searches this error is only occurring in environment with ESET.

 

The error in the Windows log is logged in 30 minute intervals. Which process does ESET perform at this interval to generate the error?

 

Thank you,

Share this post


Link to post
Share on other sites

The same here. ESET File Security 7.0.12014.0.

Windows server 2012R2 and SQL Server 2012 Native Client.

I tried:

- Exclude path :

C:\Windows\System32\sqlnclir11.rll

C:\Windows\System32\1033\sqlnclir11.rll

C:\Windows\SysWOW64\1033\sqlnclir11.rll

C:\Windows\WinSxS\amd64_microsoft-windows-wid_31bf3856ad364e35_6.3.9600.16384_none_986967552fdc62b2\sqlnclir11.rll

C:\Windows\WinSxS\amd64_microsoft-windows-wid-x86_31bf3856ad364e35_6.3.9600.16384_none_a99acdd86e54f943\sqlnclir11.rll

 

Even tried - HIPS - Rules - Allow File with paths above.

Nothing helps.

Can you please just tell us how to exclude this file and everything will work without errors ?

 

Share this post


Link to post
Share on other sites

Weird, for us it worked. Try disabling all automatic exclusions and add them manually as per the KB article.

As of MS SQL 2016, the issue doesn't occur.

Share this post


Link to post
Share on other sites

Is restart required after all changes ? Didn't restarted server because I need wait maintenance time.

On other server the same. I have SQL 2016 on that server.

image.png.d42683a62bff2fe74c5f72216048a556.png

 

Share this post


Link to post
Share on other sites

It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed.

Share this post


Link to post
Share on other sites

 

Here it worked, no longer generating errors. I have disabled automatic exclusions for SQL Sever and include manually. We use W2012R2 and SQL Server 2012 is installed in a non-standard locall.

 

image.png.ed8caca88e1f53d183de8faf16853f68.png

Share this post


Link to post
Share on other sites
57 minutes ago, Marcos said:

It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed.

Now it stopped generating errors ?? Without restart... hmmm... OK... after disabling all automatic exclusions ... maybe this was the problem all the time ?

My programmer is telling me that it is necessary to have that 2012 Client and that's why I put him in Excluded folders...

 

Is dangerous to work with disabled all automatic exclusions ?

 

Share this post


Link to post
Share on other sites

For what i readed, SQL Server Native Client (SSNC) shouldn't be used anymore for new developments, and instead use new clients that replaced it. That's why there aren't any new SSNC versions. The last one was from 2012. Maybe ESET could do that, and then the problem would go away.

Quote

For new features beyond SQL Server 2012, SQL Server Native Client will not be updated. Switch to the Microsoft ODBC Driver for SQL Server or the Microsoft OLE DB Driver for SQL Server if you want to take advantage of new SQL Server features going forward.

See: https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sqlallproducts-allversions

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...