Jump to content

Recommended Posts

  • Administrators
Posted
8 hours ago, espkiller said:

the same problem here, some progress?

Unfortunately there are no news from Microsoft yet.

  • Administrators
Posted

Signtool cannot be used to determine if a dll is properly signed to meet requirements for protection of anti-malware services introduced by Microsoft in Windows 8.1. To our best knowledge, if a dll meets requirements can only be determined via a debugger and there's no command line tool that could be used for that.

In a debugger you'd get a message like

Quote

[\Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll]:
[\Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe] 0x7 > 0x1

******************************************************************


 

This break indicates this binary is not signed correctly: 
\Device\HarddiskVolume1\Windows\System32\1033\sqlnclir11.rll

and does not meet the system policy.

The binary was attempted to be loaded in the process:
 \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ekrn.exe

This is not a failure in CI, but a problem with the failing binary.

Please contact the binary owner for getting the binary correctly signed.

*****************************************************************

 

Posted

So why is ESET the only AV that is failing this file's signature?

  • Administrators
Posted

Either the other AVs do not work as a protected service or they do not call a particular API function that causes the rll file to load.

  • 1 month later...
Posted

After updating ESET File Security 7.0, the same error started to appear here. I upgraded to 7.1.12006.0 and the error continues:

 

SQL Server Native Client 11.0: Unable to load sqlnclir11.rll due to either missing file or version mismatch. The application can not continue.

 

Environment: Windows Server 2012 R2, SQL Server 2012 SP4.

 

I read the posts and apparently it is Microsoft's problem, although in Google searches this error is only occurring in environment with ESET.

 

The error in the Windows log is logged in 30 minute intervals. Which process does ESET perform at this interval to generate the error?

 

Thank you,

Posted

The same here. ESET File Security 7.0.12014.0.

Windows server 2012R2 and SQL Server 2012 Native Client.

I tried:

- Exclude path :

C:\Windows\System32\sqlnclir11.rll

C:\Windows\System32\1033\sqlnclir11.rll

C:\Windows\SysWOW64\1033\sqlnclir11.rll

C:\Windows\WinSxS\amd64_microsoft-windows-wid_31bf3856ad364e35_6.3.9600.16384_none_986967552fdc62b2\sqlnclir11.rll

C:\Windows\WinSxS\amd64_microsoft-windows-wid-x86_31bf3856ad364e35_6.3.9600.16384_none_a99acdd86e54f943\sqlnclir11.rll

 

Even tried - HIPS - Rules - Allow File with paths above.

Nothing helps.

Can you please just tell us how to exclude this file and everything will work without errors ?

 

  • Administrators
Posted

Weird, for us it worked. Try disabling all automatic exclusions and add them manually as per the KB article.

As of MS SQL 2016, the issue doesn't occur.

Posted

Is restart required after all changes ? Didn't restarted server because I need wait maintenance time.

On other server the same. I have SQL 2016 on that server.

image.png.d42683a62bff2fe74c5f72216048a556.png

 

  • Administrators
Posted

It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed.

Posted

 

Here it worked, no longer generating errors. I have disabled automatic exclusions for SQL Sever and include manually. We use W2012R2 and SQL Server 2012 is installed in a non-standard locall.

 

image.png.ed8caca88e1f53d183de8faf16853f68.png

Posted
57 minutes ago, Marcos said:

It's most likely caused by the SQL Server 2012 Native client installed. MS SQL 2016 uses an ODBC driver instead as far as I know so it should not be needed.

Now it stopped generating errors ?? Without restart... hmmm... OK... after disabling all automatic exclusions ... maybe this was the problem all the time ?

My programmer is telling me that it is necessary to have that 2012 Client and that's why I put him in Excluded folders...

 

Is dangerous to work with disabled all automatic exclusions ?

 

  • 1 month later...
Posted

For what i readed, SQL Server Native Client (SSNC) shouldn't be used anymore for new developments, and instead use new clients that replaced it. That's why there aren't any new SSNC versions. The last one was from 2012. Maybe ESET could do that, and then the problem would go away.

Quote

For new features beyond SQL Server 2012, SQL Server Native Client will not be updated. Switch to the Microsoft ODBC Driver for SQL Server or the Microsoft OLE DB Driver for SQL Server if you want to take advantage of new SQL Server features going forward.

See: https://docs.microsoft.com/en-us/sql/connect/connect-history?view=sqlallproducts-allversions

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...