ESS 7 - Slow Boot on Windows 8.1

[Nedim 9]

Hello all.

I'm using ESS 7.0.302.26 on a freshly installed Windows 8.1.

But there is an issue with a slow boot.

It takes about 2 minutes to see my Desktop. I tried to disable HIPS and it did help, and my PC doesn't slow on startup.

When I enable it again it bring back the problem.

 

So I looked for another similar threads here and found this one and I tried to follow Marco's instructions posted here.

 

And here are my HIPS records, Sysinspector log and info about installed modules.

 

Any help would be greatly appreciated.

 

Syinsp. log is here:

 

Snip: Link to SysInspector log removed as it contains sensitive information. In the future, please send SysInspector logs via a personal message.

HIPS.xml

Installed Components.txt

Edited February 6, 2014 by Marcos
ESI log removed

[Marcos 5,072]

Hello,

did you start experiencing these issues right after the upgrade to v. 7.0.302.26? Do you remember what version you had installed previously? We've also noticed a discrepancy between the Windows build 9200 in your ESI log (Windows 8.0) and your statement that you have Windows 8.1 installed. What's true?

 

Also please carry out the following tests:

1, disable Advanced memory scanner and try to reproduce the problem

2, disable Self-defense and try to reproduce the problem.

[Nedim 9]

Hello, Marcos. Thanks for your reply. I didn't upgrade from previous versions. Only used 7.0.302.26

 

 

And yes, I'm using Windows 8.1 Pro.

 

 

 

 

 

 

[Marcos 5,072]

It's odd then that Windows reports build 9200 which is Windows 8.0. Please carry out the 2 tests I asked about in my previous message.

[Nedim 9]

 

 

Also please carry out the following tests:

1, disable Advanced memory scanner and try to reproduce the problem

2, disable Self-defense and try to reproduce the problem.

 

No changes, Marcos. Still slow 

[Marcos 5,072]

Did you upgrade from Windows 8.0 to 8.1 or it was a clean Windows 8.1 install? As I wrote, the SysInspector showed Windows 8.0 so I assume you created it before upgrade to Windows 8.1 ?

 

Please do 2 more tests:

1, rename C:\Windows\System32\drivers\eamonm.sys (e.g. to eamonm.sy) in safe mode and try to reproduce the problem

2, if renaming eamonm.sys helps, keep it renamed, enable Self-defense, HIPS and Advanced memory scanner and try to reproduce the problem.

[Nedim 9]

It was upgrade from Windows 8 to Windows 8.1. I did it 2 days ago.

But I created SysInspector log today on Windows 8.1 ! I'm not sure what's going on about that 

 

After renaming eamonm.sys to eamonm.sy I've got a message from Eset that say" Antivirus protection disabled. A critical error ocured while starting real-time protection. The program needs to be reinstalled!"

 

Here's the screenshot:

 

Edited February 6, 2014 by Nedim

[Arakasi 549]

If you reboot again does the critical error message go away?

Marcos does that driver get recreated?

Despite the error being shown, did boot speed increase?

Edited February 6, 2014 by Arakasi

[Nedim 9]

If you reboot again does the critical error message go away?

Marcos does that driver get recreated?

Despite the error being shown, did boot speed increase?

 

No, I did it two more times, just to be sure. The message is still there. Boot speed is still the same.

[Marcos 5,072]

One more thing - disable Self-defense, clear the HIPS log, restart the computer and then post current HIPS records.

[Nedim 9]

One more thing - disable Self-defense, clear the HIPS log, restart the computer and then post current HIPS records.

 

Ok....I'll be back

[Nedim 9]

One more thing - disable Self-defense, clear the HIPS log, restart the computer and then post current HIPS records.

 

Here it is

HIPS.xml

[Marcos 5,072]

There are still "Self-Defense: Protect ekrn and egui processes" entries in the HIPS log. These shouldn't be there as long as Self-defense is disabled.

[Nedim 9]

Marcos, I checked twice. It's still disabled.

After another restart (new HIPS log):

 

 

 

HIPS.xml

[shocked 60]

sorry to hijack the thread but I think ess incorrectly reports the os version.
the winver.exe shows 6.3 (9600), while ess reports 6.2.9200

 

win 8.1 is installed after a format

Edited February 6, 2014 by pavilion_alex

[puff-m-d 120]

Hello,

 

I can verify ESS is reporting the windows version incorrectly. I have same results as pavilion_alex.

[superssjdan 18]

Hello.I can also verify the same as puff-m-d and pavilion_alex.

[Marcos 5,072]

Please make a test to check if Self-defense is disabled. Open the Task manager, click More details so that background processes are displayed, select ESET Service (32-bit) and click End task. If no error message pops up and the service restarts automatically, Self-defense is disabled. If you get an error message, Self-defense is enabled and protecting ESET's components.

Let us know about your findings.

[Nedim 9]

Please make a test to check if Self-defense is disabled. Open the Task manager, click More details so that background processes are displayed, select ESET Service (32-bit) and click End task. If no error message pops up and the service restarts automatically, Self-defense is disabled. If you get an error message, Self-defense is enabled and protecting ESET's components.

Let us know about your findings.

Sorry Marcos, can't do it at the moment. Since last night, my system is in total havoc. Couldn't restart it, couldn't shut down my PC. Simply, laptop doesn't turn off by itself when I shut it down. Not sure what caused that behaviour. The only way to do it was to disconnect my laptop from power source. I had to re image my system and currently I'm not using any of security solutions. I'm not sure I'll use ESET SS anymore. I'll try NOD32 AV just to see it how it works.

Anyway, I want to thank you for your help and support.

[Marcos 5,072]

If you thought it was caused by ESET, you could have booted to safe mode and rename the 2 drivers eamonm.sys and ehdrv.sys. Had the problem persisted, it couldn't have been caused by ESET (at least the chances would have been very slim).

 

Also the fact that Self-defense seemed to stay active even after disabling it in gui may indicate an issue with the operating system itself. We've tried to reproduce it here on two systems with Windows 8.1 to no avail. Self-defense was properly deactivated after being disabled in gui and restarting the computer.

 

Thank you for your cooperation Nedim.

[Nedim 9]

As I said I'm not sure that ESET was culprit.

Currently I'm installing updates for Win 8. After that I'll try EAV and see if it works ok.

Will post back..

Thanks again Marcos.

[comez6 1]

I don't know if you are still experincing this issue. Today I found a fix (workarround) For me the slow startup only happens when I sign in with a Microsoft Account. I converted my Windows account to a Local account and now the issue is resolved. I hope it also works for you. For help converting your online account to a local account see: hxxp://www.cnet.com/how-to/how-to-switch-your-windows-8-1-log-in-to-a-local-account/

 

Kind regards,

 

Richard

[Nedim 9]

I don't know if you are still experincing this issue. Today I found a fix (workarround) For me the slow startup only happens when I sign in with a Microsoft Account. I converted my Windows account to a Local account and now the issue is resolved. I hope it also works for you. For help converting your online account to a local account see: hxxp://www.cnet.com/how-to/how-to-switch-your-windows-8-1-log-in-to-a-local-account/

 

Kind regards,

 

Richard

 

Hello Richard. Thank you for your suggestion. No problems here with ESET AV. I have no plans to use Eset Smart Security in the near future. Actually I would like to try it again but currently I'm a little busy at the moment so don't have much time to investigate this issue.

Also I'm not sure that ESET was the culprit.