EIS installation issue


  • ESET Insiders

Win 7x64
EIS 12.2.23.0

I'm having a problem with getting the firewall and associated network protections to function.
An error is logged: An error occurred during installation of the epfwlwf driver.

I've tried (twice) removing EIS in safe mode using the ESET uninstaller and installing from scratch, but still the error remains.
Any feedback to troubleshoot the problem would be appreciated.

I enabled advanced logging, rebooted, disabled logging and ran ESET Log Collector. Logs attached.

eis_logs.zip


  • ESET Insiders

I think I've found the problem through using a process monitor bootlog.
Ekrn.exe first looks for epfwlwf.sys in the directory C:\Windows\System32\Drivers
If the driver is not found, Ekrn then (and finally) looks for the driver in "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys". Obviously this path does not exist, hence installation fails.

I created the path "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys" then rebooted and installation of epfwlwf succeeded.

 

 


  • ESET Insiders

I may have spoken too soon. Even though Process Explorer shows epfwlwf.sys loaded under System, Windows event logs show the following error:

Service Control Manager
EventID 7026
The following boot-start or system-start driver(s) failed to load: EpfwLWF

 


  • Administrators

Try disabling Self-defense, rebooting the machine and installing the driver manually after right-clicking C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\EpfwLwf.inf and selecting "Install".


  • ESET Insiders
2 hours ago, Marcos said:

Try disabling Self-defense, rebooting the machine and installing the driver manually after right-clicking C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\EpfwLwf.inf and selecting "Install".

Unfortunately this results in an install error: The INF file you selected does not support this method of installation

 


6 hours ago, stackz said:

I may have spoken too soon. Even though Process Explorer shows epfwlwf.sys loaded under System, Windows event logs show the following error:

Service Control Manager
EventID 7026
The following boot-start or system-start driver(s) failed to load: EpfwLWF

This indicates to me that epfwlwf.sys is installed and not loading at boot time; but thereafter.

I suspect that the associated reg. key "Start" value might be improperly set. Eset on Win 10 doesn't use this driver. So I have shown a screen shot of a like Eset driver associated service reg. key location and Start value setting. If epfwlwf service reg. key Start value is not set to "1", you can do so and see if that resolves the Event 7026 creation.

Warning: Only do the above if the Type setting for the reg. key shows a value of "1".

[Screenshot: Untitled.thumb.png]


There's also possibly another dimension to this problem.

@Marcos is not EpfwLWF.sys, Eset's network adapter mini-port filter driver that Eset stopped using releases ago in favor of Windows Filtering Platform use?

In other words, the question is if this driver should be installed in the first place?


Here's how we can verify that EpfwLWF.sys is properly loaded. Had to "comb the deep recesses of my brain" for Win 7 memories which I'd rather not remember.😅

Refer to the below screen shot in regards to your network adapter. Under the "This connection uses the following items" should be something titled "NDIS Eset Mini-port Filter" or some wording similar to that. If it exists, assume the driver has been loaded and is functioning properly and just ignore the Event Log entry.

Additionally if the driver wasn't properly loaded, Eset's SSL/TLS protocol filtering processing wouldn't be functional.

[Screenshot: Eset_Network.png]

 


  • ESET Insiders

It would seem from my findings that it is Ekrn that initiates the loading of epfwlwf.sys and not the Service Control Manager.

If I remove the directory tree that I created - "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys" then epfwlwf is never loaded.


  • Administrators

C:\Program Files\ESET\ESET Smart Security\Drivers was created during installation of an older ESET Smart Security and it's a folder from which ekrn installs drivers.

However, a correct folder should be C:\Program Files\ESET\ESET Security\Drivers.

I'd recommend uninstalling ESET, making sure that the ESET Smart Security folder doesn't exist and then installing the latest version of EIS from scratch.


  • ESET Insiders
5 hours ago, Marcos said:

I'd recommend uninstalling ESET, making sure that the ESET Smart Security folder doesn't exist and then installing the latest version of EIS from scratch.

I tried that and I'm back where I started with no firewall.

Personal firewall: An error occurred during installation of the epfwlwf driver.


  • ESET Insiders

I've finally got everything up and running. There was an old epfwlwf driver package in the driverstore's file repository. Once this package was removed, EIS installed successfully.


There's a simple way to verify what directory epfwlwf.sys is loading from.

Refer to the above registry screen shot. Find the entry for epfwlwf. Refer to the "ImagePath" entry. If it shows C:\Program Files\ESET\Eset Security\Drivers, then that is where the driver will be loaded from.

Note that driver loading and use of it are two different things. I examined the Start Type setting value for my network adapter and it's "3", i.e. Load on Demand or manual. Obviously the network adapter has to be initialized prior to the assignment of Eset's NDIS mini-port filter to it. This is where ekrn.exe use might come into play.

So it might be that there is a bug/issue here where possibly some residual registry entry or the like that ekrn.exe refers to, and it is set to C:\Program Files\ESET\ESET Smart Security\Drivers versus C:\Program Files\ESET\ESET Security\Drivers?


2 hours ago, stackz said:

I've finally got everything up and running. There was an old epfwlwf driver package in the driverstore's file repository. Once this package was removed, EIS installed successfully.

Might be the Eset stand-alone uninstaller no longer checks for old Smart Security install residual entries. Believe that is a reasonable assumption since it hasn't existed since ver. 10.
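
A read-only way to gather the three things this thread ends up checking (the epfwlwf service key's Start, Type and ImagePath values, the driver locations under the two ESET folders, and any epfwlwf package staged in the driver store). This is an added example, not posted by any participant and not ESET's own tooling. It assumes default Windows and ESET install paths and that staged packages sit in folders named after their INF under FileRepository.

```powershell
# Added example: read-only checks. Run from an elevated 64-bit PowerShell prompt
# (a 32-bit host on Win 7 x64 is redirected away from System32 and Program Files).
$name     = 'epfwlwf'   # driver/service name taken from the error message in the thread
$startMap = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# 1. Service registration: Start, Type and ImagePath values
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
if (Test-Path $key) {
    $svc = Get-ItemProperty -Path $key
    $startText = 'not set'
    if ($svc.Start -ne $null) { $startText = "$($svc.Start) ($($startMap[[int]$svc.Start]))" }
    "Service key : $key"
    "  Start     : $startText"
    "  Type      : $($svc.Type)"
    "  ImagePath : $($svc.ImagePath)"
} else {
    "Service key : not present ($key)"
}

# 2. Candidate driver locations named in the thread (default install paths assumed)
$candidates = @(
    "$env:SystemRoot\System32\drivers\$name.sys",
    "$env:ProgramFiles\ESET\ESET Security\Drivers\$name\EpfwLwf.sys",
    "$env:ProgramFiles\ESET\ESET Smart Security\Drivers\$name\EpfwLwf.sys"
)
foreach ($path in $candidates) {
    $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $item)              { "missing   : $path" }
    elseif ($item.PSIsContainer) { "DIRECTORY : $path (a folder where a file is expected)" }
    else                         { "file      : $path (version $($item.VersionInfo.FileVersion))" }
}

# 3. Packages staged in the driver store for this INF (folder names start with the INF name)
$repo   = "$env:SystemRoot\System32\DriverStore\FileRepository"
$staged = @(Get-ChildItem -Path $repo -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -like "$name.inf_*" })
"Driver store packages matching $name.inf : $($staged.Count)"
$staged | ForEach-Object { "  $($_.Name)  last written $($_.LastWriteTime)" }
```

Nothing is modified by these checks. `pnputil -e` lists the published oemNN.inf name of each staged third-party package.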

This topic is now closed to further replies.