Jump to content

Recommended Posts

Posted (edited)

Win 7x64
EIS 12.2.23.0

I'm having a problem with getting the firewall and associated network protections to function.
An error is logged: An error occurred during installation of the epfwlwf driver.

I've tried (twice) removing EIS in safe mode using the ESET uninstaller and installing from scratch, but still the error remains.
Any feedback to troubleshoot the problem would be appreciated.

I enabled advanced logging, rebooted, disabled logging and ran ESET Log Collector. Logs attached.

eis_logs.zip

Edited by stackz
added logs

Share this post


Link to post
Share on other sites
Posted (edited)

I think I've found the problem through using a process monitor bootlog.
Ekrn.exe first looks for epfwlwf.sys in the directory C:\Windows\System32\Drivers
If the driver is not found, Ekrn then (and finally) looks for the driver in "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys". Obviously this path does not exist, hence installation fails.

I created the path "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys" then rebooted and installation of epfwlwf succeeded.

 

 

Edited by stackz

Share this post


Link to post
Share on other sites

I may have spoken to soon. Even though Process Explorer shows epfwlwf.sys loaded under System, Windows event logs show the following error:

Service Control Manager
EventID 7026
The following boot-start or system-start driver(s) failed to load: EpfwLWF

 

Share this post


Link to post
Share on other sites

Try disabling Self-defense, rebooting the machine and installing the driver manually after right-clicking C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\EpfwLwf.inf and selecting "Install".

Share this post


Link to post
Share on other sites
2 hours ago, Marcos said:

Try disabling Self-defense, rebooting the machine and installing the driver manually after right-clicking C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\EpfwLwf.inf and selecting "Install".

Unfortunately this results in an install error: The INF file you selected does not support this method of installation

 

Share this post


Link to post
Share on other sites
6 hours ago, stackz said:

I may have spoken to soon. Even though Process Explorer shows epfwlwf.sys loaded under System, Windows event logs show the following error:

Service Control Manager
EventID 7026
The following boot-start or system-start driver(s) failed to load: EpfwLWF

This indicates to me that epfwlwf.sys is installed and not loading at boot time; but thereafter.

I suspect that the associated reg. key "Start" value might be improperly set. Eset on Win 10 doesn't use this driver.  So I have shown a screen shot of a like Eset driver associated service reg. key location and Start value setting. If epfwlwf  service reg. key Start value is not set to "1", you can do so and see if that resolves the Event 7026 creation.

Warning: Only do the above if the Type setting for the reg. key shows a value of "1".

Untitled.thumb.png.ecb8124b7ccdeffc87619b33a74cce6f.png

Share this post


Link to post
Share on other sites

There's also possibly another dimension to this problem.

@Marcos is not EpfwLWF.sys, Eset's network adapter mini-port filter driver that Eset stopped using releases ago in favor of Windows Filtering Platform use?

In other words, the question is if this driver should be installed in the first place?

Share this post


Link to post
Share on other sites

Yes, it's supposed to be installed on Windows 7.

Share this post


Link to post
Share on other sites
Posted (edited)

Here's how we can verify that EpfwLWF.sys is properly loaded. Had to "comb the deep recesses of my brain" for Win 7 memories which I rather not remember.😅

Refer to the below screen shot in regards to your network adapter. Under the "This connection uses the following items" should be something titled "NDIS Eset Mini-port Filter" or some wording similar to that. If it exists, assume the driver has been loaded and is functioning properly and just ignore the Event Log entry.

Additionally if the driver wasn't properly loaded, Eset's SSL/TLS protocol filtering processing wouldn't be functional.

Eset_Network.png.c943a61e45477efb8a1a5063d720c9b7.png

 

Edited by itman

Share this post


Link to post
Share on other sites
Posted (edited)

It would seem from my findings that it is Ekrn that initiates the loading of epfwlwf.sys and not the Service Control Manager.

If I remove the directory tree that I created - "C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf\EpfwLwf.sys" then epfwlwf is never loaded.

Edited by stackz

Share this post


Link to post
Share on other sites

C:\Program Files\ESET\ESET Smart Security\Drivers was created during installation of an older ESET Smart Security and it's a folder from which ekrn installs drivers.

However, a correct folder should be C:\Program Files\ESET\ESET Security\Drivers.

I'd recommend uninstalling ESET, making sure that the ESET Smart Security folder doesn't exist and then installing the latest version of EIS from scratch.

Share this post


Link to post
Share on other sites
5 hours ago, Marcos said:

I'd recommend uninstalling ESET, making sure that the ESET Smart Security folder doesn't exist and then installing the latest version of EIS from scratch.

I tried that and I'm back where I started with no firewall.

Personal firewall: An error occurred during installation of the epfwlwf driver.

Share this post


Link to post
Share on other sites

I've finally got everything up and running. There was an old epfwlwf driver package in the driverstore's file repository. Once this package was removed, EIS installed successfully.

Share this post


Link to post
Share on other sites

There's a simply way to verify what directory epfwlwf.sys is loading from.

Refer to the above registry screen shot. Find the entry for epfwlwf. Refer to the "ImagePath" entry. If it shows C:\Program Files\ESET\Eset Security\Drivers, then that is where the driver will be loaded from.

Note that driver loading and use of it are two different things. I examined the Start Type setting value for my network adapter and it's "3', i.e. Load on Demand or manual. Obviously the network adapter has to be initialized prior to the assignment of Eset's NDIS mini-port filter to it. This is where ekrn.exe use might come into play.

So it might be that there is a bug/issue here where possibly some residual registry entry or the like that ekrn.exe refers to, and it is set to C:\Program Files\ESET\ESET Smart Security\Drivers versus C:\Program Files\ESET\ESET Security\Drivers?

Share this post


Link to post
Share on other sites
2 hours ago, stackz said:

I've finally got everything up and running. There was an old epfwlwf driver package in the driverstore's file repository. Once this package was removed, EIS installed successfully.

Might be the Eset stand-alone uninstaller no longer checks for old Smart Security install residual entries. Believe that is a reasonable assumption since it hasn't existed since ver. 10.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...