Nightowl (Most Valued Members) - Posted November 18, 2018 (edited)

Hello,

When ESET shows me that my OS is missing updates, I do click on Run Update from the ESET GUI after looking at what updates my PC is missing. I click Run System Update or Run Update, can't remember exactly, and all that happens is that I get an admin CMD window opened (from system32).

EDIT: Yes, I do know that I can run Windows Update from Windows itself, but ESET, instead of opening the Windows Update window for me, is opening the CMD admin window. It's like the script that is intended for this job is not doing its job right.

Edited November 18, 2018 by Rami

Marcos (Administrators) - Posted November 18, 2018

Please post a screen shot for clarification.

Nightowl (Most Valued Members, Author) - Posted November 18, 2018 (edited)

2 hours ago, Marcos said:
> Please post a screen shot for clarification.

I have updated my Windows, and I can't reproduce the bug again, but it happened before this time. It just opens an admin CMD window and does nothing.

EDIT: I have to wait until there is an update for my system so ESET can show me and I can reproduce the error, but it happened 2 times, each time for different updates; clicking Run Update just opens a CMD admin window.

On my laptop it opens the CMD admin window, on my desktop it works. I'm trying to find out what the difference between the 2 systems is, but both of them are using the same Windows 10 and the same ESET version. I just don't know what is different in the laptop setup.

Edited November 18, 2018 by Rami

itman - Posted November 18, 2018 (edited)

Posting the OS ver. used really is necessary to properly diagnose this. On Win 10 Home x(64), I never have had an issue with it opening the Win 10 system win update check screen.

My main complaint about the feature is that it appears to be triggered by the Win 10 system update checking and is not sophisticated enough, or is not programmed, to wait to see if the update was actually done automatically. In other words, the Eset notification should only appear if the Win update was not installed.

Edited November 18, 2018 by itman

Nightowl (Most Valued Members, Author) - Posted November 18, 2018

5 minutes ago, itman said:
> Posting the OS ver. used really is necessary to properly diagnose this. On Win 10 Home x(64), I never have had an issue with it opening the Win 10 system win update check screen.
>
> My main complaint about the feature is that it appears to be triggered by the Win 10 system update checking and is not sophisticated enough, or is not programmed, to wait to see if the update was actually done automatically. In other words, the Eset notification should only appear if the Win update was not installed.

Laptop is running Windows 10 Pro 1803 x64, Desktop is running Windows 10 Enterprise 1803 x64.

itman - Posted November 18, 2018 (edited)

5 minutes ago, Rami said:
> Laptop is running Windows 10 Pro 1803 x64

Strange. Same version I am using but on a desktop. Well, not exactly since I am using the home version.

Since you are using the Pro version, have you configured any SRPs or other Windows security mechanisms, e.g. ASR rules, to block cmd.exe execution? Or, are you using third party security software like NVT's OSArmor?

Edited November 18, 2018 by itman

Nightowl (Most Valued Members, Author) - Posted November 18, 2018

1 minute ago, itman said:
> Strange. Same version I am using but on a desktop. Well, not exactly since I am using the home version.
>
> Since you are using the Pro version, have you configured any SRPs or other Windows security mechanisms, e.g. ASR rules, to block cmd.exe execution?

I never changed any of the Windows Security settings or any of the Local Policy.

I have to wait for the next update so I can get a notification from ESET. Uninstalling and re-installing could fix it, I will see.

itman - Posted November 23, 2018 (edited)

@Rami, I checked this out. I opened Process Explorer prior to accessing Win Update checking via the Eset GUI check for Win Updates button in Win 10 Home x(64) 1803. I did not observe any startup of cmd.exe originating from ekrn.exe, egui.exe, or anything else for that matter.

My best guess is Eset is executing "ms-settings:windowsupdate" via a run command window equivalent.

Edited November 23, 2018 by itman

Nightowl (Most Valued Members, Author) - Posted November 24, 2018

4 hours ago, itman said:
> @Rami, I checked this out. I opened Process Explorer prior to accessing Win Update checking via the Eset GUI check for Win Updates button in Win 10 Home x(64) 1803. I did not observe any startup of cmd.exe originating from ekrn.exe, egui.exe, or anything else for that matter.
>
> My best guess is Eset is executing "ms-settings:windowsupdate" via a run command window equivalent.

And that's probably why I get an empty CMD admin window when I click it; it seems that there is something that prevented it from triggering.

itman - Posted November 24, 2018

9 minutes ago, Rami said:
> And that's probably why I get an empty CMD admin window when I click it

No - I don't believe Eset is using cmd.exe for this. Programs can interact with the desktop. What I believe egui.exe is doing is internally running this: ms-settings:windowsupdate.

itman - Posted November 24, 2018 (edited)

Also, I monitor all cmd.exe startup using a HIPS rule. If egui.exe was doing so, I would have received an alert from it, which I never have received.

Eset programs are written in assembler; at least ekrn.exe is and I assume egui.exe is also. You can start a program directly from assembler code using the following I found on the web:

Quote:
> You can start a program with CreateProcessA and wait for its end with WaitForSingleObject. The GCC-linker (LD) needs also a suffix with the number of the pushed bytes (e.g. "@4", one dword = four bytes). That is one reason to use another linker.

The following code example is for cmd.exe but it could also be deployed for systemsettings.exe and accessing the Windows Update feature within:

Quote:
> Here's a simple example to start a shell (cmd.exe) with a "dir"-command:
>
> exec_dir.asm:
>
>     STRUC _STARTUPINFO          ; https://msdn.microsoft.com/library/windows/desktop/ms686331.aspx
>         .cb:                resd 1
>         .lpReserved:        resd 1
>         .lpDesktop:         resd 1
>         .lpTitle:           resd 1
>         .dwX:               resd 1
>         .dwY:               resd 1
>         .dwXSize:           resd 1
>         .dwYSize:           resd 1
>         .dwXCountChars:     resd 1
>         .dwYCountChars:     resd 1
>         .dwFillAttribute:   resd 1
>         .dwFlags:           resd 1
>         .wShowWindow:       resw 1
>         .cbReserved2:       resw 1
>         .lpReserved2:       resd 1
>         .hStdInput:         resd 1
>         .hStdOutput:        resd 1
>         .hStdError:         resd 1
>     ENDSTRUC
>
>     STRUC _PROCESS_INFORMATION  ; https://msdn.microsoft.com/library/windows/desktop/ms684873.aspx
>         .hProcess:          resd 1
>         .hThread:           resd 1
>         .dwProcessId:       resd 1
>         .dwThreadId:        resd 1
>     ENDSTRUC
>
>     section .data
>         startupinfo:    istruc _STARTUPINFO
>             ; cb must hold the size of the structure before CreateProcess is called
>             at _STARTUPINFO.cb, dd _STARTUPINFO_size
>         iend
>         procinfo:       istruc _PROCESS_INFORMATION
>         iend
>         app_fullpath:   db "C:\Windows\System32\cmd.exe",0
>         params:         db "/c dir", 0
>         msg:            db `\n\nok.\n`,0
>
>     global _main
>     EXTERN _ExitProcess@4, _CreateProcessA@40, _WaitForSingleObject@8
>     EXTERN _puts, _fflush
>
>     section .text
>     _main:
>
>         ; CreateProcess(app_fullpath,params,0,0,false,0,0,0,&startupinfo,&procinfo)
>         ; stdcall: arguments are pushed right to left, the callee cleans the stack
>         push procinfo
>         push startupinfo
>         push 0
>         push 0
>         push 0
>         push 0
>         push 0
>         push 0
>         push params
>         push app_fullpath
>         call _CreateProcessA@40     ; https://msdn.microsoft.com/library/windows/desktop/ms682425.aspx
>
>         ; WaitForSingleObject( procinfo.hProcess, INFINITE );
>         push -1                     ; INFINITE
>         push dword [procinfo + _PROCESS_INFORMATION.hProcess]
>         call _WaitForSingleObject@8
>
>         ; puts ("ok."), fflush to flush the stdout-buffer
>         push msg
>         call _puts
>         mov dword [esp], 0
>         call _fflush
>         add esp, 4                  ; cdecl: the caller removes the argument
>
>         ; return 0
>         push 0
>         call _ExitProcess@4

Edited November 24, 2018 by itman

Nightowl (Most Valued Members, Author) - Posted November 25, 2018

I will try to see what is the cause of the CMD prompt, I will try to reproduce the bug.

Nightowl (Most Valued Members, Author) - Posted November 27, 2018

On 11/24/2018 at 6:40 PM, itman said:
> Also, I monitor all cmd.exe startup using a HIPS rule. If egui.exe was doing so, I would have received an alert from it, which I never have received.
>
> Eset programs are written in assembler; at least ekrn.exe is and I assume egui.exe is also. You can start a program directly from assembler code using the following I found on the web:
>
> The following code example is for cmd.exe but it could also be deployed for systemsettings.exe and accessing the Windows Update feature within:

It seems that the bug is caused by Windows itself. Even though I am trying to open Display Settings, I only get a CMD window. I just don't know what is the cause of this.

itman - Posted November 27, 2018

8 minutes ago, Rami said:
> Even though I am trying to open Display Settings, I only get a CMD window.

Do you mean Windows Update settings via the Eset GUI or "Display Settings?" If the latter, you will have to elaborate more on what you are doing.

Nightowl (Most Valued Members, Author) - Posted November 27, 2018

46 minutes ago, itman said:
> Do you mean Windows Update settings via the Eset GUI or "Display Settings?" If the latter, you will have to elaborate more on what you are doing.

When I right click on the desktop and then click Personalize or Display Settings, all I get is an empty system32 cmd window. That might explain why, when I click Run Update in ESET, the same thing happens.

itman - Posted November 27, 2018 (edited)

1 hour ago, Rami said:
> When I right click on the desktop and then click Personalize

On my Win 10 x(64) 1803 build when I do the same, the following processes are started:

SystemSettings.exe
backgroundTaskHost.exe
SpeechRuntime.exe

No evidence of any attempt to run cmd.exe.

You possibly have a corrupted user account/settings or a number of other issues. Here's something to review: https://www.maketecheasier.com/fix-settings-app-not-working-in-windows-10/. Of note:

Quote:
> Conclusion
>
> It’s not simple, but creating a new Windows account is sadly the best workaround to this problem that’s managed to persist for some despite patches that have been released to tackle it. It’s worth stressing again that you should try the two simpler solutions at the start of this article before going through the hassle of creating a new account.

Edited November 27, 2018 by itman
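
The check itman describes in the posts above (watching which processes start when the Windows Update settings page is opened, and whether cmd.exe is among them) can also be scripted. This is an added PowerShell example, not part of the original thread and not ESET's code; the function names and the five-second wait are assumptions of this sketch.

```powershell
# Added example, not ESET's code: list the processes that start when the
# ms-settings:windowsupdate URI named in the thread is opened, with their parents.

function Get-ProcessSnapshot {
    # Win32_Process exposes the parent PID and command line of every process.
    Get-CimInstance -ClassName Win32_Process |
        Select-Object Name, ProcessId, ParentProcessId, CreationDate, CommandLine
}

function Get-ProcessKey {
    param($Process)
    # PID plus creation time, so a reused PID is not mistaken for an old process.
    '{0}|{1:o}' -f $Process.ProcessId, $Process.CreationDate
}

function Get-NewProcess {
    param([object[]] $Before, [object[]] $After)

    $known = @{}
    foreach ($p in $Before) { $known[(Get-ProcessKey $p)] = $true }

    $nameByPid = @{}
    foreach ($p in $After) { $nameByPid[[int]$p.ProcessId] = $p.Name }

    foreach ($p in $After) {
        if ($known.ContainsKey((Get-ProcessKey $p))) { continue }
        $parent = $nameByPid[[int]$p.ParentProcessId]
        if (-not $parent) { $parent = '(parent exited)' }
        [pscustomobject]@{
            Name        = $p.Name
            ProcessId   = $p.ProcessId
            Parent      = $parent
            CommandLine = $p.CommandLine
        }
    }
}

$uri    = 'ms-settings:windowsupdate'   # URI named in the thread
$before = Get-ProcessSnapshot
Start-Process $uri                      # shell launch of the URI; this script does not call cmd.exe
Start-Sleep -Seconds 5                  # assumed settle time for the Settings app
$new    = @(Get-NewProcess -Before $before -After (Get-ProcessSnapshot))

$new | Format-Table -AutoSize -Wrap
$cmd = @($new | Where-Object { $_.Name -eq 'cmd.exe' })
if ($cmd.Count -gt 0) {
    Write-Warning "cmd.exe started by: $(($cmd.Parent | Sort-Object -Unique) -join ', ')"
} else {
    Write-Output 'No cmd.exe was started while opening the Windows Update page.'
}
```

If a cmd.exe row does appear, its Parent and CommandLine columns show which process launched the console and with what arguments.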

Nightowl (Most Valued Members, Author) - Posted November 28, 2018

12 hours ago, itman said:
> On my Win 10 x(64) 1803 build when I do the same, the following processes are started:
>
> SystemSettings.exe
> backgroundTaskHost.exe
> SpeechRuntime.exe
>
> No evidence of any attempt to run cmd.exe.
>
> You possibly have a corrupted user account/settings or a number of other issues. Here's something to review: https://www.maketecheasier.com/fix-settings-app-not-working-in-windows-10/. Of note:

I will take a look, or just format the laptop so I won't have to deal with Microsoft problems.