Administrators Marcos 5,468 Posted June 13, 2019 Administrators Posted June 13, 2019 8 hours ago, espkiller said: the same problem here, some progress? Unfortunately there are no news from Microsoft yet.
Robbb 0 Posted June 13, 2019 Posted June 13, 2019 On 2/19/2019 at 7:43 PM, Beech Horn said: Microsoft's official advice is to use SignTool.exe which also shows it as being valid: https://docs.microsoft.com/en-us/windows/desktop/seccrypto/using-signtool-to-verify-a-file-signature
Administrators Marcos 5,468 Posted June 14, 2019 Administrators Posted June 14, 2019 Signtool cannot be used to determine if a dll is properly signed to meet requirements for protection of anti-malware services introduced by Microsoft in Windows 8.1. To our best knowledge, if a dll meets requirements can only be determined via a debugger and there's no command line tool that could be used for that. In a debugger you'd get a message like Quote [\Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll]: [\Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe] 0x7 > 0x1 ****************************************************************** This break indicates this binary is not signed correctly: \Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll and does not meet the system policy. The binary was attempted to be loaded in the process: \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe This is not a failure in CI, but a problem with the failing binary. Please contact the binary owner for getting the binary correctly signed. *****************************************************************
Robbb 0 Posted June 16, 2019 Posted June 16, 2019 So why is ESET the only AV that is failing this file's signature?
Administrators Marcos 5,468 Posted June 18, 2019 Administrators Posted June 18, 2019 Either the other AVs do not work as a protected service or they do not call a particular API function that causes the rll file to load.
Rogerio Naressi 0 Posted July 22, 2019 Posted July 22, 2019 After updating ESET File Security 7.0, the same error started to appear here. I upgraded to 7.1.12006.0 and the error continues: SQL Server Native Client 11.0: Unable to load sqlnclir11.rll due to either missing file or version mismatch. The application can not continue. Environment: Windows Server 2012 R2, SQL Server 2012 SP4. I read the posts and apparently it is Microsoft's problem, although in Google searches this error is only occurring in environment with ESET. The error in the Windows log is logged in 30 minute intervals. Which process does ESET perform at this interval to generate the error? Thank you,
Evado 0 Posted July 29, 2019 Posted July 29, 2019 The same here. ESET File Security 7.0.12014.0. Windows server 2012R2 and SQL Server 2012 Native Client. I tried: - Exclude path : C:\Windows\System32\sqlnclir11.rll C:\Windows\System32\1033\sqlnclir11.rll C:\Windows\SysWOW64\1033\sqlnclir11.rll C:\Windows\WinSxS\amd64_microsoft-windows-wid_31bf3856ad364e35_6.3.9600.16384_none_986967552fdc62b2\sqlnclir11.rll C:\Windows\WinSxS\amd64_microsoft-windows-wid-x86_31bf3856ad364e35_6.3.9600.16384_none_a99acdd86e54f943\sqlnclir11.rll Even tried - HIPS - Rules - Allow File with paths above. Nothing helps. Can you please just tell us how to exclude this file and everything will work without errors ?
Administrators Marcos 5,468 Posted July 29, 2019 Administrators Posted July 29, 2019 You can disable automatic MS SQL exclusions and add the exclusions manually as per https://support.eset.com/kb3078/#MicrosoftSQLServer
Evado 0 Posted July 30, 2019 Posted July 30, 2019 17 hours ago, Marcos said: You can disable automatic MS SQL exclusions and add the exclusions manually as per https://support.eset.com/kb3078/#MicrosoftSQLServer Didn't helped. Still same error.
Administrators Marcos 5,468 Posted July 30, 2019 Administrators Posted July 30, 2019 Weird, for us it worked. Try disabling all automatic exclusions and add them manually as per the KB article. As of MS SQL 2016, the issue doesn't occur.
Evado 0 Posted July 30, 2019 Posted July 30, 2019 Is restart required after all changes ? Didn't restarted server because I need wait maintenance time. On other server the same. I have SQL 2016 on that server.
Administrators Marcos 5,468 Posted July 30, 2019 Administrators Posted July 30, 2019 It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed.
Rogerio Naressi 0 Posted July 30, 2019 Posted July 30, 2019 Here it worked, no longer generating errors. I have disabled automatic exclusions for SQL Sever and include manually. We use W2012R2 and SQL Server 2012 is installed in a non-standard locall.
Evado 0 Posted July 30, 2019 Posted July 30, 2019 57 minutes ago, Marcos said: It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed. Now it stopped generating errors ?? Without restart... hmmm... OK... after disabling all automatic exclusions ... maybe this was the problem all the time ? My programmer is telling me that it is necessary to have that 2012 Client and that's why I put him in Excluded folders... Is dangerous to work with disabled all automatic exclusions ?
frapetti 2 Posted August 30, 2019 Posted August 30, 2019 For what i readed, SQL Server Native Client (SSNC) shouldn't be used anymore for new developments, and instead use new clients that replaced it. That's why there aren't any new SSNC versions. The last one was from 2012. Maybe ESET could do that, and then the problem would go away. Quote For new features beyond SQL Server 2012, SQL Server Native Client will not be updated. Switch to the Microsoft ODBC Driver for SQL Server or the Microsoft OLE DB Driver for SQL Server if you want to take advantage of new SQL Server features going forward. See: https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sqlallproducts-allversions
Recommended Posts