Jump to content

update from 12.2.23 to 12.2.29


Recommended Posts

After updating to latest version , we are getting two errors in the eventlog ; "The Windows Security Center service cannot load instances of AntiVirusProduct from the data store id = 19 "         and
"The Windows Security Center service cannot load instances of FirewallProduct from the data store. id = 18 "

The option in Windows Defender " allow periodicly scanning with Windows Defender;  y/n "  , is changing to "no " , after every reboot , while its set to "yes" , before the reboot !

So , ESET is changing your settings from "yes"to "no" ( on/off)  after rebooting ............

Contacted support , they adviced me to uninstall/re-install , which I did twice ( same results) already !

Have a look on the txt-file , so many ESET-keys in the Security Center/Provider , two for AV and two for Firewall , is this normal ??

I wonder if someone has a solution , or am I the only one with these problems ??

Never seen these problems before , untill latest update to 12.2.29...........

Appreciate some help ............

Security Center.txt

Link to comment
Share on other sites

Confirmed and previously noted by forum posting to Eset. Since it appears that notification was deemed not relevant, I am assuming at this point this event log recorded activity is by design on Eset's part.

1 hour ago, Pete12 said:

Have a look on the txt-file , so many ESET-keys in the Security Center/Provider , two for AV and two for Firewall , is this normal ??

Only Eset moderators can view attachments. I have previously and just recently reviewed my Win 10 Security settings and all show expected statuses. That is both WIn firewall and Defender are disabled and Eset is the firewall and anti-virus provider.

1 hour ago, Pete12 said:

The option in Windows Defender " allow periodicly scanning with Windows Defender;  y/n "  , is changing to "no " , after every reboot , while its set to "yes" , before the reboot !

Haven't tried this yet. So I reserve comment on it.

I personally have observed something unusual at boot time recently. That is the Windows Defender engine, MsMpEng.exe, starting up and briefly running at boot time and performing an update to this directory, C:\ProgramData\Microsoft\Windows Defender\Support. There is also network activity associated with this.

Edited by itman
Link to comment
Share on other sites

  • Administrators

I'm waiting for a response from devs as to what is causing it. I'm almost sure that we do not disable periodic scanning intentionally. I'd rather not speculate and avoid telling that it's a bug in ESET or Windows itself at this point. Will keep you posted.

Link to comment
Share on other sites

"

  • Posts: 16131
  • Kudos: 2935
  • Joined: February 8, 2013
  •  
  • Location: Slovakia

I'm waiting for a response from devs as to what is causing it. I'm almost sure that we do not disable periodic scanning intentionally." ................version 12.2.29 DOES HOWEVER !!!

Also 4 ( four !!) PROVIDERS mentioned in the Security Center , 2 for A-Virus , and 2 for Firewall .(HKey.Loc.Machine/Software/Microsoft/Security/Security Center/Provders.)

Why 4 providers (??) , while previous 12.2.23 only has two ( 1 for A-Virus and 1 for Firewall).

Please, have a look in your own system and check above !!

Im sure this is the cause of some nasty troubles in this latest version, which I never had before ..............!!

I really do hope a solution/new update will arrive very soon , my eventlog turns red after every reboot.........

Link to comment
Share on other sites

In the Window Defender Antivirus opties , you can choose for periodic scanning , on/off.

If you choose for "on" , it should STAY on , after reboot also !!

After version 12.2.29 this setting changes to "off" , after each reboot , wrong !

In previous 12.2.23 it remembers your setting before reboot , so once set =set , right !

There are more changes , read my previous posts and check the Security Center ( reg-key) .

How many providers do you have ? It should be only two ( A-Virus and Firewall ).

After the update ,I have four ………..!

Link to comment
Share on other sites

  • Administrators

1, Re. periodic scanning, I was able to reproduce this earlier and reported. 2

2, It doesn't matter what is in the registry, the point is what is reported in the Windows Security panel and especially if there are any actual issues. It could be this is a way to workaround a bug in Security Center registration process reported at https://forum.eset.com/topic/20736-error-message-from-windows-at-version-122280/, checking with devs.

Link to comment
Share on other sites

54 minutes ago, Marcos said:

It could be this is a way to workaround a bug in Security Center registration process reported at , checking with dev

I am more concerned that the WD engine is starting up at boot time; abet for a short period only. Note this activity occurs after user logon. Prior to Win 10 1903, WD has no self-protection. Also as I noted in another forum posting, 1903 WD self-protection is not always enabled initially as it should be. This makes it an ideal target for code injection, APC thread hijacking, etc. by an attacker.

Note to anyone running WD periodic scanning on Win 10 1903. Verify that its self-protection option is enabled. Additionally make sure that MsMpEng.exe is self-sandboxed.

Edited by itman
Link to comment
Share on other sites

Further proof something is not right in regards to the 12.2.29 upgrade pertaining to Windows Security Center and Windows Defender.

Not only is the WD engine starting at boot time, but it appears WD is attempting to also update its signature database. Refer to the below screen shot. Also in this instance, MpCmdRun.exe runs for an extended period of time till it apparently times out and finally terminates. Again, this process should not be running unless Windows believes WD is the active real-time solution.

Eset_WD.png.648206c992e167d153149849e4a81623.png

 

Edited by itman
Link to comment
Share on other sites

Other error:

The Windows Security Center Service was unable to load instances of AntiVirus Product from datastore.

Also event 17 Security Center failed to validate caller with error DC040780.

Edited by Zardoc
Link to comment
Share on other sites

I'm just using Nod 32 Antivirus and not the other versions, but I'm also seeing some strange behaviour after I was upgraded to version 12.2.29.0. After rebooting to complete the update I got a notification from the Windows action center that said something aloung the lines of "neither Eset or Windows Defender is turned on", even though Eset was all green in the Windows Security Center and running in the taskmanager. I have not been able to recreate that though, it only appeared after upgrading to 12.2.29.0 and rebooting to finish it.

Now whenever I turn on my computer it would seem that Windows Defender is doing something in the taskmanager for a couple of minutes and then goes away. It's worth pointing out that I do not have periodic scanning for WD turned on in settings and never have. Screenshots attached. 

Should I be worried about this?

 

Screenshot 1.PNG

Screenshot 2.PNGScreenshot 3.PNG

 

Also I forgot to mention that there also seems to be a few errors related to this in the Eventviewer. A new one seems to appear after every reboot since upgrading to 12.2.29.0. Translation: "The service Windows Securitycenter could not read occurences of AntiVirusProduct from the datastorage"

603506643_Screenshot4.thumb.PNG.0b44987f417c7780f926b4075eff6dff.PNG

 

Edited by autobotranger
Link to comment
Share on other sites

It appears to me that Eset is doing some type of "kluge" processing where it fools Win 10 into thinking no other AV/firewall is installed at boot time. That is what is causing the event log entries. My guess is Eset is not loading its ELAM driver. This will cause later Win 10 versions to startup Windows Defender and run it in parallel with the third party AV solution. Or the OS in the mean time seeing that no third party AV is installed, starts up the Win firewall front-end plus Windows Defender.

Eset then later registers itself with Windows Security Center and all is well in that regard. Once the Eset registration with Security Center completes, then the OS switches over to recognizing Eset as the firewall plus AV real-time provider and terminates the Windows Defender engine process.

The problem with the above is while Windows Defender is active, it is performing activities like trying to update its definitions and God only knows what else. There is also the issue of malware that runs at start-up "sneaking through" due to the fact two real-time AV solutions are running. What happens if WD detects the malware first but is not fully functional?

Eset really needs to do its initialization with Security Center properly as was done with ver. 12.2.23 and prior versions.

Edited by itman
Link to comment
Share on other sites

" Eset really needs to do its initialization with Security Center properly as was done with ver. 12.2.23 and prior versions.".........yes, Eset should really have a good look ata this faulty update !!!  Uninstalled/re-installed 3 times , everytime the same errors in the eventlog ; " The Windows Security Center service cannot load instances of AntiVirusProduct from the data store id = 19
The Windows Security Center service cannot load instances of FirewallProduct from the data store. id = 18 "

And the option for a periodic scan with Windows Defender set to "off"  , after every reboot !

Never had these errors before , while Im using Eset for years in Win7/10 !

This is the worst update ( ???) I ever had .............

Hopefully Eset comes with a solution , else have to ask for help on distance !

In the worst case have to look for other security-software !!

 

 

Link to comment
Share on other sites

Another possibility of why WD is starting at boot time and would also be an explanation as to why WD's Periodic Scanning feature is being "mysteriously" disabled is the following.

Eset internally is using that option to enable WD at boot time. This will cause the WD engine process to load at boot time. Once Eset "straightens itself out" registration-wise with the Security Center, it then internally disables WD's Periodic Scanning feature. If so, this definitely falls into the "mega-kluge" category.😬

Link to comment
Share on other sites

Well , first I thought these problems are related to errors /bugs om my system .......after reading these latest messages , Im sure its the update from 12.2.23 to 12.2.29  !!

People are reporting the same errors/ bugs as I encountered , so its definitly NOT my fault/system................!!

Hopefully Eset will take action very soon , costed me a lot of time already...................:angry:

Link to comment
Share on other sites

  • Administrators

As for WD being started, it could be that during re-registration to WSC which we started to do as of v12.2.29 under certain circumstances to avoid the issue discussed in https://forum.eset.com/topic/20736-error-message-from-windows-at-version-122280/, for a very short period Windows doesn't detect any AV and enables WD for a moment. However, that's just my speculation and it will require further investigation.

As for the issue with WD periodic scanning being disabled after upgrade, this is going to be investigated as well. However, according to developers no changes were made in this regard.

Link to comment
Share on other sites

I will also add that the Eset Win Security Center registration issue is not 100% fixed on ver. 12.2.29 as evidenced by the below log screen shot. However, I was having hardware issues at this time; non-boot hard drive crashed.

Eset_Registration.thumb.png.ca086b4a48585c2b7a1fcd27338e526f.png

Link to comment
Share on other sites

I installed ESET IS and registration to Windows Security Center was successful but like mentioned above, WD is starting for some minutes at startup.

There used to be an option to ask the user before performing a program update. Why was it removed? I installed the 12.2.23.0 version from the offline installer and after the first update it automatically updated to 12.2.29.0. Who thought it would be a better idea to remove the option to ask the user??!! A lot of us could've avoided this if the option was still there.

Link to comment
Share on other sites

Very dissapointed untill now.............still no actions from Eset to repair these errors/annoyings ! :angry:

" I installed the 12.2.23.0 version from the offline installer and after the first update it automatically updated to 12.2.29.0. Who thought it would be a better idea to remove the option to ask the user??!! A lot of us could've avoided this if the option was still there. "............yes, indeed true !!

WHY removed Eset this option , very good question ......................hope it will be back next update soon !

Link to comment
Share on other sites

  • Administrators

As I already stated, the issues are being investigated. However, so far the problem seems to be in WSC itself. All we've changed recently was replacing the certificate and re-registering to WSC. The process of registration is fully handled by Windows and it's beyond control of any 3rd party vendor. It is possible that the said issues will be subject of discussion on personal meetings with Microsoft's developers.

There was an option to control PCU in legacy versions (up to v8 I recall). Upgrade via PCU was not reliable since the whole program had to be uninstalled and a new version was installed from scratch which used to fail at times. With the introduction of smaller and reliable so-call micro PCU (uPCU) and with the move to AV-as-service approach (in v10-v11), it has become even more important to keep the program up to date. Still, users have an option to disable program updates completely which is, of course, not recommended.

Link to comment
Share on other sites

" Still, users have an option to disable program updates completely which is, of course, not recommended " .......how to do that ??

And , how to stay with version 12.2.23 , when your immediately have to reboot to change to version 12.2.29 ..........??!!

I want to STAY with version 12.2.23 , untill a solid solution will be available ( to avoid the errors in 12.2.29 !)

Link to comment
Share on other sites

2 hours ago, Pete12 said:

" Still, users have an option to disable program updates completely which is, of course, not recommended " .......how to do that ??

And , how to stay with version 12.2.23 , when your immediately have to reboot to change to version 12.2.29 ..........??!!

I want to STAY with version 12.2.23 , untill a solid solution will be available ( to avoid the errors in 12.2.29 !)

Well Pete12 I'm not to good or teksavvy at this but what I did is , 1) go to programs to uninstall or repair and click repair then restart , 2) go to advanced settings in setup, 3) go to update and enable ask before downloading update , then you just take the update engine and NOT product update , not the best explanation but hope it helps. I'm running old win7 64 bit computer.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...